Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31



Post by Sneakyone on Thu Jul 01, 2010 12:04 pm

Reboot and see if it still detects them; also follow the instructions for removing the tools, as it will detect some of them and the quarantined files.



Sneakyone (Master)
Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56104
Likes: 0


Post by duck_boi_97 on Thu Jul 01, 2010 12:05 pm

C:\WINDOWS\system32\drivers ... that is the location of all of them that pop up.

duck_boi_97 (Intermediate)
Posts: 60
Joined: 2010-06-30
OS: Windows XP
Points: 24271
Likes: 0


Post by Sneakyone on Thu Jul 01, 2010 12:06 pm

Hmmm, what are the file names that it detects?


Post by Sneakyone on Thu Jul 01, 2010 1:44 pm

Hi,

Please remove what it finds and reboot and see if that solves it.


Post by duck_boi_97 on Thu Jul 01, 2010 1:47 pm

I think all of the FakeAV!gen31's are gone... thanks, and sorry for the delay. I restarted my computer, logged in, and 8 Backdoor.Tidserv!inf's came up in as many seconds. 6 are in the file "C:\WINDOWS\system32\drivers\isapnp.sys" and 2 are in "C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys". What should I do? I have not updated System Restore or removed the tools or updated any programmes yet, as these threats came up one after another.


Post by duck_boi_97 on Thu Jul 01, 2010 1:51 pm

Just to let you know, Symantec AntiVirus was finding Backdoor.Tidserv!gen31's as I was doing the malware scan, the commy.exe scan, and the online ESET scan. In other words, I think that as I am getting rid of them, more are just coming along for the party as I do.


Post by Sneakyone on Thu Jul 01, 2010 1:58 pm

Hi,

Please end all the scans you are doing, as it will only make matters worse. I have a specific fix to get rid of this infection; I am waiting for it to be approved.


Post by duck_boi_97 on Thu Jul 01, 2010 1:58 pm

What I'm thinking is: should I update all my stuff (you tell me what I need to update and I will), get Microsoft Security Essentials and Tallemu Online Armour, get rid of Internet Explorer and get Firefox, get McAfee SiteAdvisor, update Java and Adobe, and then run all the scans again? Won't this help to prevent them from getting back in once I'm scanning to delete them?


Post by duck_boi_97 on Thu Jul 01, 2010 1:59 pm

Oh okay, thank you, I'll wait for your specific fix. Cheers, I won't do anything until you tell me to.


Post by Sneakyone on Thu Jul 01, 2010 2:00 pm

Hi duck_boi_97,

Please read the following through carefully so that you understand what to do.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks), then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks), then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.


Post by duck_boi_97 on Thu Jul 01, 2010 2:24 pm

Here is the TDSSKiller.txt:

19:05:15:812 3780 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:05:15:812 3780 ================================================================================
19:05:15:812 3780 SystemInfo:

19:05:15:812 3780 OS Version: 5.1.2600 ServicePack: 3.0
19:05:15:812 3780 Product type: Workstation
19:05:15:812 3780 ComputerName: HOME-UKBQQ2GE7I
19:05:15:812 3780 UserName: Linda
19:05:15:812 3780 Windows directory: C:\WINDOWS
19:05:15:812 3780 System windows directory: C:\WINDOWS
19:05:15:812 3780 Processor architecture: Intel x86
19:05:15:812 3780 Number of processors: 2
19:05:15:812 3780 Page size: 0x1000
19:05:15:828 3780 Boot type: Normal boot
19:05:15:828 3780 ================================================================================
19:05:16:187 3780 Initialize success
19:05:16:187 3780
19:05:16:187 3780 Scanning Services ...
19:05:16:750 3780 Raw services enum returned 371 services
19:05:16:765 3780
19:05:16:765 3780 Scanning Drivers ...
19:05:17:843 3780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:17:921 3780 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:05:17:984 3780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:05:18:046 3780 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:05:18:093 3780 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:05:18:203 3780 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
19:05:18:250 3780 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
19:05:18:343 3780 AnyDVD (217608997692abced29c10eaecaed9ac) C:\WINDOWS\system32\Drivers\AnyDVD.sys
19:05:18:406 3780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:05:18:500 3780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:05:18:562 3780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:05:18:703 3780 ati2mtag (5e3603e9fba29e01f5ffc108276b3005) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:05:18:812 3780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:05:18:906 3780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:05:18:984 3780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:05:19:046 3780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:05:19:093 3780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:05:19:156 3780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:05:19:187 3780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:05:19:218 3780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:05:19:312 3780 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
19:05:19:312 3780 Suspicious file (NoAccess): C:\Program Files\321Studios\Shared\CDRPDACC.SYS. md5: 30b37c18e1725eb9f25039e9a1fb9b7e
19:05:19:421 3780 ctac32k (85e83e05f4e39139ee91826db0e2d615) C:\WINDOWS\system32\drivers\ctac32k.sys
19:05:19:468 3780 ctaud2k (03cad57b596c4c73dfd71a291b378f47) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:05:19:531 3780 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:05:21:234 3780 ctgame (bfc40092329cf4ab838cc4a6f2fad659) C:\WINDOWS\system32\DRIVERS\ctgame.sys
19:05:21:343 3780 ctprxy2k (125440243b009f52f58a4e3c3b3d2d1c) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:05:21:375 3780 ctsfm2k (cd223ea8bebbcd70681f351ba0dd450f) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:05:21:437 3780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:05:21:515 3780 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:05:21:562 3780 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:05:21:593 3780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:05:21:609 3780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:05:21:656 3780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:05:21:703 3780 ElbyCDIO (0f8fc7267da4d70e054f17c6a8c5eaba) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:05:21:750 3780 emupia (0821c2daa7a420f163421fd11522d2ac) C:\WINDOWS\system32\drivers\emupia2k.sys
19:05:21:781 3780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:21:796 3780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:05:21:828 3780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:05:21:843 3780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:05:21:906 3780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:05:21:953 3780 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:05:21:984 3780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:22:000 3780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:22:031 3780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:05:22:046 3780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:22:125 3780 ha10kx2k (e522be391cab1a8152e355b625a55402) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:05:22:203 3780 hap16v2k (eb5cc31ffe54d84e0f49f51a85c89cac) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:05:22:234 3780 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:05:22:281 3780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:05:22:328 3780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:05:22:343 3780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:05:22:406 3780 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:05:22:437 3780 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:05:22:484 3780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:05:22:515 3780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:05:22:546 3780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:05:22:593 3780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:05:22:625 3780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:05:22:656 3780 isapnp (2b28ce7784de97af2e281ef4aa07e750) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:22:750 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\isapnp.sys. md5: 2b28ce7784de97af2e281ef4aa07e750
19:05:22:750 3780 File "C:\WINDOWS\system32\DRIVERS\isapnp.sys" infected by TDSS rootkit ...
19:05:24:500 3780 Backup copy found, using it..
19:05:24:531 3780 will be cured on next reboot
19:05:24:718 3780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:24:812 3780 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:05:24:890 3780 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
19:05:24:937 3780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:05:25:015 3780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:05:25:125 3780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:05:25:203 3780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:05:25:234 3780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:05:25:343 3780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:05:25:437 3780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:05:25:500 3780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:05:25:625 3780 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:05:25:718 3780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:05:25:765 3780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:05:25:796 3780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:05:25:890 3780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:05:26:000 3780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:05:26:031 3780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:05:26:078 3780 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:05:26:156 3780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:05:26:328 3780 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\naveng.sys
19:05:26:406 3780 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\navex15.sys
19:05:26:562 3780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:05:26:640 3780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:05:26:703 3780 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:05:26:765 3780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:05:26:828 3780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:05:26:890 3780 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:05:26:937 3780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:05:26:968 3780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:05:27:031 3780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:05:27:078 3780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:05:27:234 3780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:05:27:281 3780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:05:27:343 3780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:05:27:375 3780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:05:27:406 3780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:05:27:468 3780 ossrv (e0731d7dd52c029166d889a230ae2b34) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:05:27:500 3780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:05:27:531 3780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:05:27:609 3780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:05:27:656 3780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:05:27:703 3780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:05:27:734 3780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:05:27:828 3780 Pcouffin (c3224a794b4fe2f6d0d5434a9fcad26d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
19:05:28:000 3780 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
19:05:28:203 3780 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\PfModNT.sys
19:05:28:250 3780 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
19:05:28:328 3780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:05:28:390 3780 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:05:28:468 3780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:05:28:656 3780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:05:28:828 3780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:05:29:046 3780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:05:29:078 3780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:05:29:109 3780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:05:29:140 3780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:05:29:171 3780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:05:29:203 3780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:05:29:328 3780 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:05:29:390 3780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:05:29:468 3780 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:05:29:593 3780 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
19:05:29:687 3780 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
19:05:29:953 3780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:05:30:031 3780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:05:30:109 3780 Serial (92a997632090cc691d1c65d905ffe5cb) C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:30:265 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\serial.sys. md5: 92a997632090cc691d1c65d905ffe5cb
19:05:30:265 3780 File "C:\WINDOWS\system32\DRIVERS\serial.sys" infected by TDSS rootkit ...
19:05:31:984 3780 Backup copy found, using it..
19:05:32:015 3780 will be cured on next reboot
19:05:32:187 3780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:05:32:281 3780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:05:32:343 3780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:05:32:375 3780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:05:32:437 3780 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:05:32:484 3780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:05:32:562 3780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:05:32:609 3780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:05:32:921 3780 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS
19:05:33:031 3780 SYMREDRV (8ddb430ea48468c156db872a214178fc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
19:05:33:062 3780 SYMTDI (ec1a39493fb104d317e8271162a74b94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
19:05:33:156 3780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:05:33:218 3780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:05:33:281 3780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:05:33:328 3780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:05:33:375 3780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:05:33:437 3780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:05:33:531 3780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:05:33:625 3780 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:05:33:687 3780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:05:33:765 3780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:05:33:796 3780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:05:33:859 3780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:05:33:921 3780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:05:33:984 3780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:05:34:046 3780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:05:34:093 3780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:05:34:140 3780 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:05:34:171 3780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:05:34:234 3780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:05:34:265 3780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:05:34:312 3780 WBHWDOCT (28c06318589be222b3df3eb025c5d158) C:\WINDOWS\system32\drivers\WBHWDOCT.sys
19:05:34:375 3780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:05:34:421 3780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:05:34:468 3780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:05:34:531 3780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:05:34:593 3780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:05:34:609 3780 Reboot required for cure complete..
19:05:35:234 3780 Cure on reboot scheduled successfully
19:05:35:234 3780
19:05:35:234 3780 Completed
19:05:35:234 3780
19:05:35:234 3780 Results:
19:05:35:234 3780 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:05:35:234 3780 File objects infected / cured / cured on reboot: 2 / 0 / 2
19:05:35:234 3780
19:05:35:250 3780 KLMD(ARK) unloaded successfully

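The TDSSKiller log pasted above is easier to check mechanically than by eye: every line is a timestamped record, and each driver's image path and MD5 appear once in the enumeration, again on the "Suspicious file (NoAccess)" line and a third time on the infection verdict, while the summary at the end should agree with the body. The following Python script is an added example, not part of the thread or of Kaspersky's tool; it parses a constructed excerpt in the same format (including the records that were fused onto one line when the log was pasted), reconciles the three views of each file and flags anything inconsistent or left for manual review.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed excerpt in the TDSSKiller 2.3.x log format quoted in the thread
# (a handful of the lines, not the full log). The two "infected by" records are
# left fused with the record that follows them, as they appear in the pasted log.
SAMPLE_LOG = r'''19:05:15:812 3780 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:05:16:187 3780 Scanning Drivers ...
19:05:17:843 3780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:19:312 3780 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
19:05:19:312 3780 Suspicious file (NoAccess): C:\Program Files\321Studios\Shared\CDRPDACC.SYS. md5: 30b37c18e1725eb9f25039e9a1fb9b7e
19:05:22:656 3780 isapnp (2b28ce7784de97af2e281ef4aa07e750) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:22:750 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\isapnp.sys. md5: 2b28ce7784de97af2e281ef4aa07e750
19:05:22:750 3780 File "C:\WINDOWS\system32\DRIVERS\isapnp.sys" infected by TDSS rootkit ... 19:05:24:500 3780 Backup copy found, using it..
19:05:24:531 3780 will be cured on next reboot
19:05:30:109 3780 Serial (92a997632090cc691d1c65d905ffe5cb) C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:30:265 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\serial.sys. md5: 92a997632090cc691d1c65d905ffe5cb
19:05:30:265 3780 File "C:\WINDOWS\system32\DRIVERS\serial.sys" infected by TDSS rootkit ... 19:05:31:984 3780 Backup copy found, using it..
19:05:32:015 3780 will be cured on next reboot
19:05:34:609 3780 Reboot required for cure complete..
19:05:35:234 3780 Results:
19:05:35:234 3780 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:05:35:234 3780 File objects infected / cured / cured on reboot: 2 / 0 / 2
'''

# One log record: "HH:MM:SS:mmm PID message"
RECORD_RE = re.compile(r'^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+) ?(.*)$')
# Driver enumeration: "<service name> (<md5>) <image path>"
DRIVER_RE = re.compile(r'^(\S+) \(([0-9a-f]{32})\) (.+)$')
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(r'^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$')
# 'File "<path>" infected by <detection> ...'
INFECTED_RE = re.compile(r'^File "([^"]+)" infected by (.+?) \.\.\.')
# "<kind> objects infected / cured / cured on reboot: a / b / c"
RESULT_RE = re.compile(r'^(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$')


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)     # lower path -> (name, md5, path)
    suspicious: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)  # lower path -> (reason, md5, path)
    infected: List[Tuple[str, str]] = field(default_factory=list)             # (path, detection) in log order
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)    # "File"/"Registry" -> counts
    unparsed: List[str] = field(default_factory=list)


def split_records(text: str) -> List[str]:
    """Split the log into records, repairing records fused onto the previous line.
    A record starts with a timestamp and a PID; whitespace directly before such a
    pair in the middle of a line is the fused boundary."""
    repaired = re.sub(r'[ \t]+(?=\d{2}:\d{2}:\d{2}:\d{3} \d+ )', '\n', text)
    return [line for line in repaired.splitlines() if line.strip()]


def parse_tdsskiller_log(text: str) -> TdssReport:
    report = TdssReport()
    for record in split_records(text):
        m = RECORD_RE.match(record)
        if not m:
            report.unparsed.append(record)
            continue
        msg = m.group(3)
        d = DRIVER_RE.match(msg)
        if d:
            name, md5, path = d.groups()
            report.drivers[path.lower()] = (name, md5, path)   # Windows paths are case-insensitive
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            reason, path, md5 = s.groups()
            report.suspicious[path.lower()] = (reason, md5, path)
            continue
        i = INFECTED_RE.match(msg)
        if i:
            report.infected.append((i.group(1), i.group(2)))
            continue
        r = RESULT_RE.match(msg)
        if r:
            report.results[r.group(1)] = tuple(int(x) for x in r.groups()[1:])
    return report


def cross_check(report: TdssReport) -> List[str]:
    """Reconcile the three views the log gives of each file (enumeration, NoAccess
    flag, infection verdict) and compare the body against the summary counts."""
    findings = []
    infected_keys = set()
    for path, detection in report.infected:
        key = path.lower()
        infected_keys.add(key)
        drv = report.drivers.get(key)
        susp = report.suspicious.get(key)
        if drv is None or susp is None or drv[1] != susp[1]:
            findings.append(f"INCONSISTENT: {path} marked infected without a matching enumeration record")
        else:
            findings.append(f"CURE SCHEDULED: service {drv[0]} at {path}, {detection}, md5 {drv[1]}")
    for key, (reason, md5, path) in report.suspicious.items():
        if key not in infected_keys:
            findings.append(f"REVIEW: {path} is {reason} but was not identified as infected, md5 {md5}")
    files = report.results.get("File")
    if files is None:
        findings.append("MISMATCH: no file summary line found; the log may be truncated")
    elif files[0] != len(report.infected):
        findings.append(f"MISMATCH: summary says {files[0]} infected file objects, log body shows {len(report.infected)}")
    return findings


if __name__ == "__main__":
    for line in cross_check(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it as a script to print the findings, or import it and pass the pasted log to parse_tdsskiller_log(). On the excerpt it reports two scheduled cures (isapnp.sys and serial.sys), one NoAccess file (CDRPDACC.SYS) that the tool did not call infected and which therefore deserves a look, and no count mismatch. A NoAccess flag on its own is not a verdict: in this log it is set on a third-party copy-protection driver as well as on the two infected system drivers.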


Post by Sneakyone on Thu Jul 01, 2010 2:38 pm

Hi duck_boi_97, Smile

TDSS is gone now; one last check.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Post by duck_boi_97 on Thu Jul 01, 2010 2:42 pm

I still have Malwarebytes' Anti-Malware on the computer. Can I use it, or should I re-install it again?


Post by Sneakyone on Thu Jul 01, 2010 2:45 pm

You can use it, just do a quick scan and post the log here.


Post by duck_boi_97 on Thu Jul 01, 2010 3:14 pm

This is the log from the Malwarebytes' Anti-Malware Quick Scan:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/07/2010 19:59:21
mbam-log-2010-07-01 (19-59-21).txt

Scan type: Quick scan
Objects scanned: 150265
Time elapsed: 12 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Sneakyone on Thu Jul 01, 2010 3:30 pm

Hi duck_boi_97,

Alrighty, I see no more malware on your computer, so please follow the instructions here: [You must be registered and logged in to see this link.]


Post by duck_boi_97 on Thu Jul 01, 2010 3:43 pm

I am very sorry, I know this is becoming a pain, but one more Backdoor.Tidserv!inf has just popped up as being found by the Symantec anti-virus. It is in the file "C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys"

I am so sorry for this messing about.


Post by Sneakyone on Thu Jul 01, 2010 3:44 pm

That is in your System Restore point; like I said, follow the instructions first for clearing your System Restore points and that will be gone.


Post by duck_boi_97 on Thu Jul 01, 2010 3:59 pm

Oh okay mate, cheers, and thanks a million for everything. I'll give you another post when I've followed the instructions. You'll be a technician in no time (thumbs up).


Post by Sneakyone on Thu Jul 01, 2010 4:06 pm

You're welcome, glad to help out.


Post by duck_boi_97 on Fri Jul 02, 2010 9:21 am

Hi again, sorry to carry on, lol, but I just logged into the second user (I have one under the name Linda and one under the name Ian; yesterday I was on Linda, now I am on Ian) and 18 notifications have popped up telling me of Tidservs again. These are the files they are in:

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0147097.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150077.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150088.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP262\A0150098.sys

I don't know what to do or how to get rid of them, and I thought it's best to ask you rather than try and sort it out and make it worse; otherwise all of yesterday and the night before that would be wasted. Cheers

Post by Sneakyone on Fri Jul 02, 2010 12:09 pm

Hi,

Have you reset your restore points?

They do not actually exist on your computer, but if you use System Restore you will reinfect yourself.

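The last few exchanges turn on where the detections live. Every path duck_boi_97 quotes after the TDSSKiller run is under C:\System Volume Information\_restore{...}\RP<n>\, which is where Windows XP System Restore keeps its snapshot copies; an alert there is not a file in use by the running system, which is why the advice is to clear the restore points rather than scan again. The following Python script is an added example and not part of the thread; it sorts a constructed alert list (the thread's restore GUID and RP numbers, with duplicates standing in for the repeated notifications) into live files and per-restore-point snapshot copies and derives the two different actions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed alert list in the form the thread's Symantec notifications name files.
# The restore GUID and RP numbers are the ones posted in the thread; the repeated
# entries stand in for the "18 notifications" that covered only a few distinct files.
ALERT_PATHS = [
    r"C:\WINDOWS\system32\drivers\isapnp.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0147097.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150077.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150088.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP262\A0150098.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP262\A0150098.sys",
]

# Windows XP System Restore stores snapshot copies under
# <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<seq>.<ext>
RESTORE_RE = re.compile(
    r'^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}'
    r'\\RP(?P<rp>\d+)\\(?P<file>[^\\]+)$', re.IGNORECASE)


def classify_path(path: str) -> Tuple[str, Optional[str], Optional[int]]:
    """Return ("restore_point", guid, rp_number) for a snapshot copy, else ("live", None, None)."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", m.group("guid").upper(), int(m.group("rp"))
    return "live", None, None


def triage_alerts(paths: List[str]) -> Dict[str, object]:
    """Deduplicate alerts (Windows paths are case-insensitive) and split them into
    files live on the running system and copies held inside restore points."""
    seen = set()
    live: List[str] = []
    by_rp: Dict[int, List[str]] = defaultdict(list)
    for p in paths:
        key = p.lower()
        if key in seen:
            continue
        seen.add(key)
        kind, _guid, rp = classify_path(p)
        if kind == "live":
            live.append(p)
        else:
            by_rp[rp].append(p)
    return {"live": live, "restore_points": dict(by_rp), "duplicates": len(paths) - len(seen)}


def remediation_plan(triage: Dict[str, object]) -> List[str]:
    """Turn the triage into the two actions the thread distinguishes: a live file is
    cleaned by the rootkit tool and re-checked after reboot; a snapshot copy is inert
    until a restore is performed, so the fix is to purge the restore points rather
    than to keep scanning."""
    plan = []
    for p in triage["live"]:
        plan.append(f"LIVE: {p} -> clean with the rootkit tool and verify after reboot")
    for rp, files in sorted(triage["restore_points"].items()):
        plan.append(f"RP{rp}: {len(files)} snapshot copy(ies) -> clear restore points; never restore to RP{rp}")
    return plan


if __name__ == "__main__":
    result = triage_alerts(ALERT_PATHS)
    print(f"{result['duplicates']} duplicate notifications collapsed")
    for step in remediation_plan(result):
        print(step)
```

The deduplication matters for reading the notifications: a burst of alerts usually names the same handful of snapshot files repeatedly, and grouping by RP number shows which restore points would reintroduce the driver if anyone rolled back to them.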
