Backdoor.Tidserv!inf

View previous topic View next topic Go down

Backdoor.Tidserv!inf

Post by kim62 on Wed Dec 03, 2008 11:25 pm

I have been infected as many others with the above virus. I ran the fix thing that was suggest and this is the report.txt

Username "Jilly" - 12/03/2008 15:11:53 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"ZoomingHook"="ZoomingHook.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"TOSHIBA Accessibility"="C:\\Program Files\\TOSHIBA\\Accessibility\\FnKeyHook.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"TPSMain"="TPSMain.exe"
"TCtryIOHook"="TCtrlIOHook.exe"
"TFncKy"="TFncKy.exe"
"LtMoh"="C:\\\\Program Files\\\\ltmoh\\\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"EPSON Stylus C64 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2C1.EXE /P23 \"EPSON Stylus C64 Series\" /O6 \"USB001\" /M \"Stylus C64\""
"CFSServ.exe"="CFSServ.exe -NoClient"
"EPSON Stylus C88 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIABA.EXE /P23 \"EPSON Stylus C88 Series\" /O6 \"USB002\" /M \"Stylus C88\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Can you help me get rid of this?
Thanks so much

kim62
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2008-12-03
OS OS : windows xp home
Points Points : 29240
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv!inf

Post by Belahzur on Wed Dec 03, 2008 11:30 pm

FixWareout is for DNS hijacking, I see no signs of a DNS hijack from the report.
Please read this thread:
[You must be registered and logged in to see this link.]
And post a Hijack This log here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor.Tidserv!inf

Post by Doctor Inferno on Wed Dec 17, 2008 2:01 pm

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum