Win32TrojanTDSS Infection


Post by kitperry on 22nd June 2009, 6:44 pm

Hello - another laptop with an infection. I am remoted to the laptop so rebooting is very difficult (to get re-connected).

I have downloaded HijackThis but can't get it to install, nor Malwarebytes. I'm attaching a screenshot if that is of any help. I've run Ad-Aware (already installed) several times. It finds the infected files, asks for a reboot, does a dump, but doesn't apparently get rid of it.

Any help is appreciated.


kitperry
Intermediate
Posts: 86
Joined: 2009-01-15
OS: windows xp sp2
Points: 29273
Likes: 0

Re: Win32TrojanTDSS Infection

Post by Origin on 22nd June 2009, 6:45 pm

1. Please download The Avenger by Swandog46 to your Desktop

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.



Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31513
Likes: 0

Re: Win32TrojanTDSS Infection

Post by kitperry on 22nd June 2009, 7:21 pm

No avenger.txt created. Machine originally blue screened and had to be hard rebooted. Anything else I can do other than running avenger again and rebooting?

thanks,

kitperry

Re: Win32TrojanTDSS Infection

Post by Belahzur on 22nd June 2009, 7:23 pm

Please download the current version of HijackThis.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.




Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: Win32TrojanTDSS Infection

Post by Origin on 22nd June 2009, 7:25 pm

The user can't seem to install HJT, Belahzur. Are you having trouble installing it, or is it already installed and you just can't seem to run it?




Re: Win32TrojanTDSS Infection

Post by kitperry on 22nd June 2009, 7:59 pm

Can't install hjtinstall.exe

Also awaiting user's return as the machine is locked up during reboot.


Re: Win32TrojanTDSS Infection

Post by Origin on 22nd June 2009, 8:10 pm

Download the GMER rootkit scan.

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.




Re: Win32TrojanTDSS Infection

Post by kitperry on 26th June 2009, 3:15 am

Don't mean to bump this but the laptop in question BSOD'd and was reformatted, so topic can be closed.

Did get rid of the virus!

