
Cannot Get Rid Of Win32TrojanTDSS

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Also uninstall the Ask Toolbar, because this one is unwanted as

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.

When finished, it will produce a log.

Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst. If possible rootkit activity is found, you will be asked if you would like

I'm sorry for making a few mistakes!

On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts" click Close to exit.

Here is the CF report-

ComboFix 09-05-11.01 - eclark 06/19/2009 7:33.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN.292 [GMT -4:00]
Running from: c:\documents and settings\eclark\Desktop\cf.exe
AV: Symantec AntiVirus Corporate Edition *On-access

Not only does the trojan affect my internet browsers, but it is preventing me from running either Malwarebytes Anti-Malware or Combofix. Any help would be very much appreciated!

It did this also when I tried it a second and third time. Many thanks, Dave

#15 dawei, posted 20 June 2010 - 04:47 PM

Blade, It still crashed when only sections option was enabled. I realise that I should have taken more care.

Discussion Starter tube, 7 Years Ago

ComboFix 09-06-19.01 - eclark 06/20/2009 10:08.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.119 [GMT -4:00]
Running from: c:\documents and settings\eclark\Desktop\cf.exe
Command switches used

Please help me get rid of this thing, Thanks

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/07/12 22:47
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:

I cannot open any other anti virus programs on the computer as well.

This is the file located in the Program Files\Malwarebytes' Anti-Malware folder.

C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006
I don't help with logs thru PM so don't bother to post me one.

Please understand that I don't have the money to have it fixed if I mess something up or if something bad goes wrong.

Provided removal instructions are meant to be used in the correspondent user's case only.

Click continue. Are you still having problems?

Short of reinstalling the operating system do I have any options?

This is one problem which really needs to be dealt with meticulously from start to finish.

Thank you!

GMER will produce a log.

All I have to do is start typing the file name in search and everything shuts down.

Press OK. B.

miekiemoes, posted June 12, 2009

Hi, First please take a look

cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-28 55456]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 mfeavfk;McAfee Inc.

Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary

If you have problems create a thread in the forum, please. Don't post your log into other user's topic, create a new one.

Once I try to search for the file I get the blue physical memory dump screen and it restarts.

It first shows up as a pop-up notification window, labeled "Windows Security Alert" in the bottom right, and then two more windows show up that further indicate the need to install

This will start ComboFix again. 7.

Anyway, I will post the logs in two separate posts so they are easier for you to identify, here are the MBAM logs:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/15/2009

Make sure you don't install toolbar if choose Foxit Reader!

Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-edatasecurity loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

That seems to catch it right away after I reboot, gives me a warning and from what I gather, isolates it.

c:\windows\system32\gsf83iujid.dll
C:\wyhgm.exe
C:\blnqxlg.exe
C:\giyghshu.exe
C:\mupwjiav.exe
C:\chfyosn.exe
C:\oxyyxwn.exe
c:\windows\ld10.exe
c:\windows\system32\drivers\4511078.sys
c:\windows\system32\drivers\338988a8.sys
c:\windows\system32\uacinit.dll
32768 bytes c:\windows\system32\uactmp.db

These two are in your startup folder
fmnupd32.exe
zqosys32.exe

It may or may not be relevant that it found a hidden driver "a5fmvs9r"
Is there anything else I could try?

Post new HJT log.

Discussion Starter tube, 7 Years Ago

I do not see TDSSserv as an option. Nothing has worked!

Shall I just paste the contents of the Kaspersky, ComboFix and DDS logs to a reply or shall I upload them to another site?

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

When I rebooted the screen was blue and a boot cleaner came up and initialized ckaafkkerqmyugky.dll and cfrdxdijbmienkkc.dll.

P2P downloads are nowadays one of those things that most likely bring infection into the system.

Please use the "Reply to this topic" button while replying.

They seem to be interfering with Firefox - causing links from Google to lead to the wrong sites.