HELP! Backdoor.tidserv!inf

Solved HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 6:52 am

Norton said I have Backdoor.tidserv!inf
and I don't know how to remove it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:22 AM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Topmost Clock\TopMostClock.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Lia Yang\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files\Topmost Clock\TopMostClock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe

--
End of file - 8760 bytes

Uninstall list:

Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
AppCore
a-squared Anti-Malware 4.0
AV
Avira AntiVir Personal - Free Antivirus
Broadcom Gigabit Integrated Controller
Broadcom WLAN
ccCommon
CCleaner (remove only)
Digsby
Energy Management
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Internet Worm Protection
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Lenovo OneKey Recovery
Lenovo System Repair - Windows Update Monitor
LimeWire PRO 4.18.8
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MediaMonkey 3.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.0.4)
MSN
MSXML 6.0 Parser (KB925673)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
OpenOffice.org 3.0
Realtek Card Reader
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SPBBC 32bit
Spyware Doctor 6.0
Symantec
Synaptics Pointing Device Driver
Topmost Clock
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VLC media player 0.9.6
Windows Communication Foundation
Windows Internet Explorer 7
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Install Manager
Yahoo! Toolbar


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 3:01 pm

Hello.
No malware showing in the log.


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 3:50 pm

Thank you so much for answering.
Okay, I ran RSIT, but I only got the log txt; I didn't get the info txt. I did it in safe mode and I got both, so should I post the one from there?
BTW, Norton said it's located in
c:\documents and settings\liayang\local settings\temp\tdss5dc.tmp
but I couldn't find that folder.

OK, here it is...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lia Yang at 2008-12-05 09:43:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (91%) free of 106 GB
Total RAM: 1014 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:30 AM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Topmost Clock\TopMostClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lia Yang\Desktop\RSIT(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Lia Yang\Desktop\Lia Yang.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files\Topmost Clock\TopMostClock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe

--
End of file - 8770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Lia Yang.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-29 16805888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-05-23 1146880]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2008-07-24 4462464]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2008-07-24 1283984]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-09-02 84640]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-09-05 26248]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2008-04-14 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-04 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2008-11-20 2780816]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TopmostClock"=C:\Program Files\Topmost Clock\TopMostClock.exe [2002-09-07 540672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Disabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 3:51 pm

======List of files/folders created in the last 1 months======

2008-12-05 15:27:03 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Yahoo!
2008-12-05 15:26:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-05 15:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Digsby
2008-12-05 14:47:40 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Digsby
2008-12-05 14:46:59 ----D---- C:\Program Files\Digsby
2008-12-05 14:31:01 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-12-05 14:31:00 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-12-05 14:30:58 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-12-05 14:30:53 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-12-05 14:30:16 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-12-05 14:30:16 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-12-05 14:30:16 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-12-05 14:30:15 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-12-05 14:30:02 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-12-05 14:29:57 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-12-05 14:29:57 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-12-05 14:29:57 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-12-05 14:29:48 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-12-05 14:13:26 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-05 14:13:26 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-05 14:13:26 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-05 14:13:26 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-05 14:13:22 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-05 14:13:20 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-05 14:01:02 ----D---- C:\Program Files\Topmost Clock
2008-12-05 12:33:44 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-05 11:22:34 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-05 09:32:15 ----D---- C:\rsit
2008-12-05 00:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-05 00:53:43 ----A---- C:\WINDOWS\system32\msvcr80.dll
2008-12-05 00:04:31 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-05 00:04:14 ----D---- C:\Program Files\Spyware Doctor
2008-12-05 00:04:14 ----D---- C:\Documents and Settings\Lia Yang\Application Data\PC Tools
2008-12-04 23:44:22 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 23:44:15 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 23:44:08 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 23:44:01 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-04 23:43:54 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 23:43:10 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-04 23:43:02 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-04 23:42:55 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 23:42:47 ----D---- C:\WINDOWS\ie7updates
2008-12-04 23:42:36 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 23:42:27 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-04 23:42:20 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 23:42:13 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-04 23:42:04 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 23:41:57 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 23:41:50 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-04 23:41:44 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-04 23:41:37 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 23:41:32 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 23:41:27 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 22:11:14 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 22:05:46 ----D---- C:\Program Files\Yahoo!
2008-12-04 22:05:39 ----D---- C:\Program Files\CCleaner
2008-12-04 21:59:20 ----D---- C:\Program Files\a-squared Anti-Malware
2008-12-04 21:46:19 ----D---- C:\Program Files\Avira
2008-12-04 21:46:19 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-04 20:20:28 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Malwarebytes
2008-12-04 20:20:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 20:20:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-04 19:51:08 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2008-12-04 19:33:56 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Google
2008-12-04 19:31:06 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-04 19:31:04 ----HD---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-04 18:27:28 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Macromedia
2008-12-04 18:24:28 ----D---- C:\Program Files\uTorrent
2008-12-04 18:24:25 ----D---- C:\Documents and Settings\Lia Yang\Application Data\uTorrent
2008-12-04 18:22:54 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 18:10:50 ----D---- C:\Documents and Settings\Lia Yang\Application Data\OpenOffice.org
2008-12-04 18:08:04 ----D---- C:\Documents and Settings\Lia Yang\Application Data\vlc
2008-12-04 18:06:11 ----D---- C:\Program Files\JRE
2008-12-04 18:06:05 ----D---- C:\Program Files\OpenOffice.org 3
2008-12-04 18:05:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 18:05:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 18:05:46 ----A---- C:\WINDOWS\system32\java.exe
2008-12-04 18:05:43 ----D---- C:\Program Files\VideoLAN
2008-12-04 18:04:46 ----D---- C:\Program Files\Common Files\Java
2008-12-04 18:02:58 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-04 17:36:25 ----D---- C:\Program Files\MediaMonkey
2008-12-04 17:18:21 ----D---- C:\Documents and Settings\Lia Yang\Application Data\LimeWire
2008-12-04 17:17:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-04 17:17:40 ----D---- C:\Program Files\Java
2008-12-04 17:15:09 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Sun
2008-12-04 17:13:00 ----D---- C:\Program Files\LimeWire
2008-12-04 16:48:23 ----SHD---- C:\Config.Msi
2008-12-04 04:18:10 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Adobe
2008-12-04 04:00:20 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Mozilla
2008-12-04 03:52:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-12-04 03:40:38 ----D---- C:\Documents and Settings\Lia Yang\Application Data\PlayFirst
2008-12-04 03:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-12-04 03:36:21 ----ASH---- C:\Documents and Settings\Lia Yang\Application Data\desktop.ini
2008-12-04 03:36:20 ----SD---- C:\Documents and Settings\Lia Yang\Application Data\Microsoft
2008-12-04 03:36:20 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Symantec
2008-12-04 03:36:20 ----D---- C:\Documents and Settings\Lia Yang\Application Data\InstallShield
2008-12-04 03:36:20 ----D---- C:\Documents and Settings\Lia Yang\Application Data\Identities
2008-12-04 02:58:55 ----HD---- C:\WINDOWS\PIF
2008-12-04 02:48:10 ----D---- C:\Program Files\Norton AntiVirus
2008-12-04 02:47:48 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-04 02:47:34 ----D---- C:\Program Files\Symantec
2008-12-04 02:39:21 ----D---- C:\Program Files\WinRAR
2008-12-04 02:19:38 ----D---- C:\Program Files\DAEMON Tools

======List of files/folders modified in the last 1 months======

2008-12-05 11:28:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 09:39:56 ----A---- C:\sysiclog.txt
2008-12-05 01:30:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 03:36:04 ----RASH---- C:\boot.ini

thajyeeb
Novice
Posts : 25
Joined : 2008-12-05
OS : Windows XP Home Edition
Points : 29223
Likes : 0

Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 3:52 pm

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
R2 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2007-12-13 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2008-01-11 9472]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-02-20 1286144]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-12-04 223128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-31 4751872]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\NAVEX15.SYS []
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-07-23 157696]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081203.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-10-03 35120]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-05-23 225280]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-05-23 128104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WSVD;WSVD; \??\C:\WINDOWS\system32\drivers\WSVD.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-11-20 419448]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-01 46736]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-07-29 430080]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-09-05 79496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-12-04 1251720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

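The driver and service dump above is the kind of list a malware-removal helper scans by hand for a rootkit like TDSS: a Boot- or System-start driver whose file RSIT could not read. The script below is an added example, not code from this thread or from the RSIT tool. It parses lines in the format the legend describes and flags entries whose file could not be read (the empty "[]"), whose binary sits outside the Windows or Program Files trees, or whose file is dated on or after a reference date, adding a note when such an entry is a Boot/System-start driver. The sample input copies lines from the dump above plus one constructed line modelled on the TDSSserv.sys service that ComboFix removes later in the thread; that line's path and start type are assumptions.

```python
"""Added example (not code from this thread or from the RSIT tool): triage an
RSIT 'List of drivers' / 'List of services' dump like the one posted above.

Line format, per the legend RSIT prints above each list:
    <R|S><0-4> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
R/S is running/stopped, 0-4 is Boot/System/Auto/Demand/Disabled, and the
bracket holds the file's date and size, or is empty when RSIT could not read it.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
# Where drivers and service binaries normally live on an XP box (8.3 form included).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
NT_PREFIX = "\\??\\"  # RSIT shows NT object paths for some kernel drivers
REFERENCE_DATE = date(2008, 12, 4)  # day the thread's logs show the cleanup starting


@dataclass
class Entry:
    state: str             # "R" or "S"
    start: int             # 0..4, see START_TYPES
    name: str
    display: str
    path: str
    stamp: Optional[date]  # None when RSIT printed "[]"
    size: Optional[int]

    @property
    def plain_path(self) -> str:
        p = self.path[len(NT_PREFIX):] if self.path.startswith(NT_PREFIX) else self.path
        return p.lower()


def parse(text: str) -> List[Entry]:
    """Turn a dump into Entry records; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").split()
        stamp = size = None
        if len(meta) == 2:
            stamp, size = date.fromisoformat(meta[0]), int(meta[1])
        entries.append(Entry(m.group("state"), int(m.group("start")), m.group("name"),
                             m.group("display"), m.group("path"), stamp, size))
    return entries


def triage(entries: List[Entry], since: date) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for the entries an analyst should look at."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.size is None and not e.path.startswith(NT_PREFIX):
            # A plain path RSIT still could not stat: the file is hidden, locked or gone.
            if e.state == "R":
                reasons.append("running, but its file could not be read: hidden or locked (rootkit behaviour)")
            else:
                reasons.append("registered but file not found: stale entry or already removed")
        if not e.plain_path.startswith(TRUSTED_PREFIXES):
            reasons.append("binary outside the Windows and Program Files trees")
        if e.stamp is not None and e.stamp >= since:
            reasons.append(f"file dated {e.stamp.isoformat()}, on or after the reference date")
        if reasons and e.start <= 1:
            # Boot/System-start drivers load before the AV services; TDSS-class rootkits sit here.
            reasons.append(f"{START_TYPES[e.start]}-start driver: loads before the AV services")
        if reasons:
            findings[e.name] = reasons
    return findings


# Sample input: lines copied from the dump above, plus one CONSTRUCTED line (the
# last one) modelled on the TDSSserv.sys service ComboFix removes later in the
# thread; its path and start type are assumptions, not taken from any log.
SAMPLE = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-12-04 223128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\NAVENG.SYS []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-11-20 419448]
R1 TDSSserv;TDSSserv; C:\WINDOWS\system32\drivers\TDSSserv.sys []
"""


def report(text: str = SAMPLE, since: date = REFERENCE_DATE) -> Dict[str, List[str]]:
    return triage(parse(text), since)


if __name__ == "__main__":
    for name, reasons in report().items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it prints four findings. The Symantec entries with an empty bracket are not among them: RSIT shows those through a \??\ object path, which is why it printed no size, and that alone is not suspicious. The stopped Realtek and IntelIde entries with no file are typical stale registrations, dtscsi.sys is the DAEMON Tools driver the file list above shows being installed on 2008-12-04, and only the constructed TDSSserv line combines a running state, an unreadable file and System-start, which is the combination worth chasing. Heuristics like these produce leads for a helper to check, not verdicts.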

Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 4:01 pm

I tried it in safe mode again but there was no info.txt this time.
???


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 4:08 pm

Doesn't matter; I don't need info.txt.
The main log above is the one I wanted most.
You can't find the temp folder because it has hidden attributes.
The TDSS temp file is harmless.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

The temp file should be gone now, what else is Norton flagging?


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
Likes : 1

Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 4:35 pm

Thank you soooo... much. It's gone now. But I think I have a sinowal.trojan too.
This firewall thing against sinowal.trojan keeps popping up and I clicked
"protect" and it opened a window that said I needed protection to go to a site, but I don't know how legit it is so I didn't click it.
It said
Insecure internet activity threat of virus attack
then it gave two links
recommend protect pc full advanced real time protection
and something about going on without protection
...
And now my Firefox browser keeps closing, so now I'm in safe mode.


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 4:41 pm

Okay, let's use this.


  • Download ComboFix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt, which asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:06 pm

Okay, I ran ComboFix and when my computer rebooted the firewall sinowal.trojan thing popped up again.

Here's the ComboFix log:

ComboFix 08-12-05.01 - Lia Yang 2008-12-05 10:46:40.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.509 [GMT -6:00]
Running from: c:\documents and settings\Lia Yang\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSjnispvun.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 15:27 . 2008-12-05 15:27 d-------- c:\documents and settings\Lia Yang\Application Data\Yahoo!
2008-12-05 15:26 . 2008-12-05 15:26 d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-05 15:06 . 2008-12-05 15:06 d-------- c:\documents and settings\All Users\Application Data\Digsby
2008-12-05 14:47 . 2008-12-05 14:47 d-------- c:\documents and settings\Lia Yang\Application Data\Digsby
2008-12-05 14:46 . 2008-12-05 14:47 d-------- c:\program files\Digsby
2008-12-05 14:31 . 2008-04-14 20:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-12-05 14:31 . 2008-04-14 20:00 185,344 --a------ c:\windows\system32\dllcache\thawbrkr.dll
2008-12-05 14:31 . 2008-04-14 20:00 10,752 --a------ c:\windows\system32\dllcache\c_iscii.dll
2008-12-05 14:31 . 2008-04-14 20:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-12-05 14:29 . 2008-04-14 20:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-05 14:13 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-05 14:13 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-05 14:13 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-05 14:13 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2008-12-05 14:01 . 2008-12-05 14:01 d-------- c:\program files\Topmost Clock
2008-12-05 13:10 . 2008-09-15 06:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-12-05 13:09 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 13:08 . 2008-04-11 13:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 13:08 . 2008-05-01 08:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-05 13:07 . 2008-09-08 04:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-12-05 13:07 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-05 12:56 . 2008-08-14 04:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 12:56 . 2008-08-14 04:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 12:56 . 2008-08-14 03:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 12:56 . 2008-08-14 03:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 12:51 . 2008-05-08 08:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 12:37 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 12:36 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-05 12:36 . 2008-08-14 04:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-12-05 12:33 . 2008-12-05 12:33 d-------- c:\windows\system32\LogFiles
2008-12-05 12:13 . 2008-12-05 12:13 16 --a------ c:\windows\popcinfo.dat
2008-12-05 09:32 . 2008-12-05 09:32 d-------- C:\rsit
2008-12-05 00:57 . 2008-12-05 00:57 d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-05 00:53 . 2005-09-23 08:29 626,688 --a------ c:\windows\system32\msvcr80.dll
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\program files\Spyware Doctor
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\documents and settings\Lia Yang\Application Data\PC Tools
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 00:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-05 00:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-05 00:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-05 00:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-04 23:41 . 2008-12-04 23:44 1,374 --a------ c:\windows\imsins.BAK
2008-12-04 22:05 . 2008-12-04 22:05 d-------- c:\program files\Yahoo!
2008-12-04 22:05 . 2008-12-04 22:05 d-------- c:\program files\CCleaner
2008-12-04 21:59 . 2008-12-04 21:59 d-------- c:\program files\a-squared Anti-Malware
2008-12-04 21:46 . 2008-12-04 21:46 d-------- c:\program files\Avira
2008-12-04 21:46 . 2008-12-04 21:46 d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\documents and settings\Lia Yang\Application Data\Malwarebytes
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 20:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 20:20 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:51 . 2008-12-04 23:41 193,960 --a------ c:\windows\system32\ICAutoUpdate.log.bak
2008-12-04 19:33 . 2008-10-12 22:53 d-------- c:\documents and settings\Administrator.LIAYANG\Application Data\Symantec
2008-12-04 19:33 . 2008-10-12 22:01 d-------- c:\documents and settings\Administrator.LIAYANG\Application Data\InstallShield
2008-12-04 19:33 . 2008-12-04 19:33 d-------- c:\documents and settings\Administrator.LIAYANG
2008-12-04 19:33 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Administrator.LIAYANG\set_env.bat
2008-12-04 18:24 . 2008-12-04 18:24 d-------- c:\program files\uTorrent
2008-12-04 18:24 . 2008-12-04 18:24 d-------- c:\documents and settings\Lia Yang\Application Data\uTorrent
2008-12-04 18:23 . 2008-12-04 18:23 0 --a------ c:\windows\nsreg.dat
2008-12-04 18:21 . 2008-05-06 23:12 1,288,192 --------- c:\windows\system32\dllcache\quartz.dll
2008-12-04 18:10 . 2008-12-04 18:10 d-------- c:\documents and settings\Lia Yang\Application Data\OpenOffice.org
2008-12-04 18:08 . 2008-12-04 18:08 d-------- c:\documents and settings\Lia Yang\Application Data\vlc
2008-12-04 18:08 . 2008-12-04 18:13 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-04 18:08 . 2008-12-04 18:13 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-04 18:06 . 2008-12-04 18:06 d-------- c:\program files\OpenOffice.org 3
2008-12-04 18:06 . 2008-12-04 18:06 d-------- c:\program files\JRE
2008-12-04 18:05 . 2008-12-04 18:05 d-------- c:\program files\VideoLAN
2008-12-04 18:04 . 2008-12-04 18:04 d-------- c:\program files\Common Files\Java
2008-12-04 17:36 . 2008-12-04 17:36 d-------- c:\program files\MediaMonkey
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\documents and settings\Lia Yang\Application Data\LimeWire
2008-12-04 17:17 . 2008-12-04 17:17 d-------- c:\program files\Java
2008-12-04 17:17 . 2008-12-04 17:17 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 17:17 . 2008-12-04 17:17 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-04 17:13 . 2008-12-04 17:13 d-------- c:\program files\LimeWire
2008-12-04 03:52 . 2008-12-04 03:52 d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-04 03:40 . 2008-12-04 03:40 d-------- c:\documents and settings\Lia Yang\Application Data\PlayFirst
2008-12-04 03:40 . 2008-12-04 03:40 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-04 03:36 . 2008-10-12 22:53 d-------- c:\documents and settings\Lia Yang\Application Data\Symantec
2008-12-04 03:36 . 2008-10-12 22:01 d-------- c:\documents and settings\Lia Yang\Application Data\InstallShield
2008-12-04 03:36 . 2008-12-04 03:36 d-------- c:\documents and settings\Lia Yang
2008-12-04 03:36 . 2008-10-12 22:59 703 --a------ c:\windows\system32\config\systemprofile\set_env.bat
2008-12-04 03:36 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Lia Yang\set_env.bat
2008-12-04 03:35 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Default User\set_env.bat
2008-12-04 03:33 . 2008-12-04 03:34 5,208 --a------ c:\windows\system32\pid.PNF
2008-12-04 02:59 . 2008-12-04 02:59 16 --a------ c:\windows\system32\coh.cache
2008-12-04 02:58 . 2008-12-04 02:58 d--h----- c:\windows\PIF
2008-12-04 02:48 . 2008-12-04 02:48 d-------- c:\program files\Norton AntiVirus
2008-12-04 02:47 . 2008-12-04 02:47 d-------- c:\program files\Symantec
2008-12-04 02:47 . 2008-12-04 18:13 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-04 02:47 . 2008-12-04 18:13 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-04 02:19 . 2008-12-04 02:19 d-------- c:\program files\DAEMON Tools
2008-12-04 02:19 . 2008-12-04 02:19 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2008-12-04 02:16 . 2008-12-04 02:16 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-04 02:16 . 2008-12-04 02:16 96,384 --a------ c:\windows\system32\drivers\sptd9917.sys
2008-12-04 00:46 . 2008-12-04 00:46 d-------- c:\documents and settings\Administrator


Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:06 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-13 04:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-13 04:47 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-13 04:21 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-13 04:19 --------- d-----w c:\program files\MSBuild
2008-10-13 04:13 --------- d-----w c:\program files\Reference Assemblies
2008-10-13 04:06 --------- d-----w c:\program files\Common Files\Adobe
2008-10-13 04:04 --------- d-----w c:\program files\Lenovo
2008-10-13 04:01 --------- d-----w c:\program files\Synaptics
2008-10-13 04:00 --------- d-----w c:\program files\Broadcom
2008-10-13 03:58 319,488 ----a-w c:\windows\HideWin.exe
2008-10-13 03:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 03:58 --------- d-----w c:\program files\Realtek
2008-10-13 03:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-13 03:54 --------- d-----w c:\program files\Intel
2008-10-03 20:34 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 20:34 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 07:19 2,182 ----a-w c:\windows\FINAL_1.BAT
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TopmostClock"="c:\program files\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"vidxhp"="c:\documents and settings\Lia Yang\Application Data\Google\ggqjh22510678.exe" [2008-12-04 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-23 1146880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-07-24 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-24 1283984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-20 2780816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-05 356920]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-10-12 430080]
R2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-10-12 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-10-12 9472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-04 99376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-10-12 157696]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 WSVD;WSVD;\??\c:\windows\system32\drivers\WSVD.sys [2008-10-12 81192]
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Lia Yang.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 20:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FireFox -: Profile - c:\documents and settings\Lia Yang\Application Data\Mozilla\Firefox\Profiles\8qu0srrj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-05 10:56:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3908)
c:\documents and settings\Lia Yang\Application Data\Google\dfxvideo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
c:\program files\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\A-SQUARED ANTI-MALWARE\A2SERVICE.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\program files\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\SPYWARE DOCTOR\PCTSSVC.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-12-05 11:01:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 17:00:54

Pre-Run: 101,205,213,184 bytes free
Post-Run: 101,138,268,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

267 --- E O F --- 2008-12-05 05:44:26


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 5:09 pm

Hello.
Don't click anything about the warning, you'll get re-infected.
It should stop right after this special CF run.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Lia Yang\Application Data\Google\ggqjh22510678.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vidxhp"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
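For anyone reading this later and wondering how the helper picked "vidxhp" out of that Run key listing, here is an added example (my code, not ComboFix's and not the helper's) that parses the REGEDIT4-style "Reg Loading Points" block from a log, flags autostarts that run from user-writable locations or carry generated-looking names, and renders the same File::/Registry:: layout as the CFScript above. The sample block is constructed from entries in this thread's log, and the three heuristics in `assess` are my own choice, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section
# (a REGEDIT4-style dump of the Run keys), trimmed to a handful of entries
# from this thread's log. "vidxhp" is the autostart the helper scripted out.
SAMPLE_RUN_KEYS = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TopmostClock"="c:\program files\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"vidxhp"="c:\documents and settings\Lia Yang\Application Data\Google\ggqjh22510678.exe" [2008-12-04 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 c:\windows\RTHDCPL.exe]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Heuristic (my choice, not a ComboFix rule): autostarts under the OS or
# Program Files trees are treated as ordinary; anything else gets flagged.
SYSTEM_ROOTS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass
class Autostart:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_run_entries(text):
    """Turn the REGEDIT4-style dump into Autostart records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue
        path = m.group('value')
        # ComboFix resolves a bare file name (e.g. "RTHDCPL.EXE") and prints
        # the full path after the date inside the trailing brackets.
        meta = (m.group('meta') or '').split(' ', 1)
        if len(meta) == 2 and '\\' in meta[1]:
            path = meta[1]
        entries.append(Autostart(key, m.group('name'), path))
    return entries


def assess(entry):
    """Attach a reason for every heuristic the entry trips; none means benign."""
    p = entry.path.lower()
    stem = p.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if not p.startswith(SYSTEM_ROOTS):
        entry.reasons.append('executable lives outside the Windows and Program Files trees')
    if '\\application data\\' in p:
        entry.reasons.append('runs from a per-user Application Data folder (user-writable)')
    if re.search(r'\d{5,}', stem):
        entry.reasons.append('file name carries a long digit run, typical of generated names')
    return entry


def suspicious_autostarts(text):
    return [e for e in map(assess, parse_run_entries(text)) if e.reasons]


def build_cfscript(findings):
    """Render File::/Registry:: directives in the layout the helper used."""
    lines = ['File::', *[f.path for f in findings], '', 'Registry::']
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = suspicious_autostarts(SAMPLE_RUN_KEYS)
    for f in found:
        print(f'{f.key}\\{f.name} -> {f.path}')
        for r in f.reasons:
            print('  -', r)
    print('\n--- CFScript.txt ---')
    print(build_cfscript(found), end='')
```

Run it against a full "Reg Loading Points" section pasted into `SAMPLE_RUN_KEYS` and every flagged entry comes out with the reasons it tripped; the generated script is only a starting point and still needs a human to confirm each path before it is fed to ComboFix.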



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:15 pm

Can I do this in safe mode?


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 5:15 pm

Yes.



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:27 pm

How does this look?

ComboFix 08-12-05.01 - Lia Yang 2008-12-05 11:18:06.2 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767 [GMT -6:00]
Running from: c:\documents and settings\Lia Yang\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lia Yang\Desktop\CFscript.txt

FILE ::
c:\documents and settings\Lia Yang\Application Data\Google\ggqjh22510678.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lia Yang\Application Data\Google\ggqjh22510678.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 15:27 . 2008-12-05 15:27 d-------- c:\documents and settings\Lia Yang\Application Data\Yahoo!
2008-12-05 15:26 . 2008-12-05 15:26 d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-05 15:06 . 2008-12-05 15:06 d-------- c:\documents and settings\All Users\Application Data\Digsby
2008-12-05 14:47 . 2008-12-05 14:47 d-------- c:\documents and settings\Lia Yang\Application Data\Digsby
2008-12-05 14:46 . 2008-12-05 14:47 d-------- c:\program files\Digsby
2008-12-05 14:31 . 2008-04-14 20:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-12-05 14:31 . 2008-04-14 20:00 185,344 --a------ c:\windows\system32\dllcache\thawbrkr.dll
2008-12-05 14:31 . 2008-04-14 20:00 10,752 --a------ c:\windows\system32\dllcache\c_iscii.dll
2008-12-05 14:31 . 2008-04-14 20:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-12-05 14:29 . 2008-04-14 20:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-05 14:13 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-05 14:13 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-05 14:13 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-05 14:13 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-05 14:13 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-05 14:13 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2008-12-05 14:01 . 2008-12-05 14:01 d-------- c:\program files\Topmost Clock
2008-12-05 13:10 . 2008-09-15 06:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-12-05 13:09 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 13:08 . 2008-04-11 13:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 13:08 . 2008-05-01 08:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-05 13:07 . 2008-09-08 04:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-12-05 13:07 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-05 12:56 . 2008-08-14 04:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 12:56 . 2008-08-14 04:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 12:56 . 2008-08-14 03:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 12:56 . 2008-08-14 03:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 12:51 . 2008-05-08 08:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 12:37 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 12:36 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-05 12:36 . 2008-08-14 04:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-12-05 12:33 . 2008-12-05 12:33 d-------- c:\windows\system32\LogFiles
2008-12-05 12:13 . 2008-12-05 12:13 16 --a------ c:\windows\popcinfo.dat
2008-12-05 09:32 . 2008-12-05 09:32 d-------- C:\rsit
2008-12-05 00:57 . 2008-12-05 00:57 d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-05 00:53 . 2005-09-23 08:29 626,688 --a------ c:\windows\system32\msvcr80.dll
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\program files\Spyware Doctor
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\documents and settings\Lia Yang\Application Data\PC Tools
2008-12-05 00:04 . 2008-12-05 00:04 d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 00:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-05 00:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-05 00:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-05 00:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-04 23:41 . 2008-12-04 23:44 1,374 --a------ c:\windows\imsins.BAK
2008-12-04 22:05 . 2008-12-04 22:05 d-------- c:\program files\Yahoo!
2008-12-04 22:05 . 2008-12-04 22:05 d-------- c:\program files\CCleaner
2008-12-04 21:59 . 2008-12-04 21:59 d-------- c:\program files\a-squared Anti-Malware
2008-12-04 21:46 . 2008-12-04 21:46 d-------- c:\program files\Avira
2008-12-04 21:46 . 2008-12-04 21:46 d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\documents and settings\Lia Yang\Application Data\Malwarebytes
2008-12-04 20:20 . 2008-12-04 20:20 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 20:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 20:20 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:51 . 2008-12-04 23:41 193,960 --a------ c:\windows\system32\ICAutoUpdate.log.bak
2008-12-04 19:33 . 2008-10-12 22:53 d-------- c:\documents and settings\Administrator.LIAYANG\Application Data\Symantec
2008-12-04 19:33 . 2008-10-12 22:01 d-------- c:\documents and settings\Administrator.LIAYANG\Application Data\InstallShield
2008-12-04 19:33 . 2008-12-04 19:33 d-------- c:\documents and settings\Administrator.LIAYANG
2008-12-04 19:33 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Administrator.LIAYANG\set_env.bat
2008-12-04 18:24 . 2008-12-04 18:24 d-------- c:\program files\uTorrent
2008-12-04 18:24 . 2008-12-04 18:24 d-------- c:\documents and settings\Lia Yang\Application Data\uTorrent
2008-12-04 18:23 . 2008-12-04 18:23 0 --a------ c:\windows\nsreg.dat
2008-12-04 18:21 . 2008-05-06 23:12 1,288,192 --------- c:\windows\system32\dllcache\quartz.dll
2008-12-04 18:10 . 2008-12-04 18:10 d-------- c:\documents and settings\Lia Yang\Application Data\OpenOffice.org
2008-12-04 18:08 . 2008-12-04 18:08 d-------- c:\documents and settings\Lia Yang\Application Data\vlc
2008-12-04 18:08 . 2008-12-04 18:13 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-04 18:08 . 2008-12-04 18:13 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-04 18:06 . 2008-12-04 18:06 d-------- c:\program files\OpenOffice.org 3
2008-12-04 18:06 . 2008-12-04 18:06 d-------- c:\program files\JRE
2008-12-04 18:05 . 2008-12-04 18:05 d-------- c:\program files\VideoLAN
2008-12-04 18:04 . 2008-12-04 18:04 d-------- c:\program files\Common Files\Java
2008-12-04 17:36 . 2008-12-04 17:36 d-------- c:\program files\MediaMonkey
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\documents and settings\Lia Yang\Application Data\LimeWire
2008-12-04 17:17 . 2008-12-04 17:17 d-------- c:\program files\Java
2008-12-04 17:17 . 2008-12-04 17:17 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 17:17 . 2008-12-04 17:17 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-04 17:13 . 2008-12-04 17:13 d-------- c:\program files\LimeWire
2008-12-04 03:52 . 2008-12-04 03:52 d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-04 03:40 . 2008-12-04 03:40 d-------- c:\documents and settings\Lia Yang\Application Data\PlayFirst
2008-12-04 03:40 . 2008-12-04 03:40 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-04 03:36 . 2008-10-12 22:53 d-------- c:\documents and settings\Lia Yang\Application Data\Symantec
2008-12-04 03:36 . 2008-10-12 22:01 d-------- c:\documents and settings\Lia Yang\Application Data\InstallShield
2008-12-04 03:36 . 2008-12-04 03:36 d-------- c:\documents and settings\Lia Yang
2008-12-04 03:36 . 2008-10-12 22:59 703 --a------ c:\windows\system32\config\systemprofile\set_env.bat
2008-12-04 03:36 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Lia Yang\set_env.bat
2008-12-04 03:35 . 2008-10-12 22:59 703 --a------ c:\documents and settings\Default User\set_env.bat
2008-12-04 03:33 . 2008-12-04 03:34 5,208 --a------ c:\windows\system32\pid.PNF
2008-12-04 02:59 . 2008-12-04 02:59 16 --a------ c:\windows\system32\coh.cache
2008-12-04 02:58 . 2008-12-04 02:58 d--h----- c:\windows\PIF
2008-12-04 02:48 . 2008-12-04 02:48 d-------- c:\program files\Norton AntiVirus
2008-12-04 02:47 . 2008-12-04 02:47 d-------- c:\program files\Symantec
2008-12-04 02:47 . 2008-12-04 18:13 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-04 02:47 . 2008-12-04 18:13 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-04 02:19 . 2008-12-04 02:19 d-------- c:\program files\DAEMON Tools
2008-12-04 02:19 . 2008-12-04 02:19 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2008-12-04 02:16 . 2008-12-04 02:16 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-04 02:16 . 2008-12-04 02:16 96,384 --a------ c:\windows\system32\drivers\sptd9917.sys
2008-12-04 00:46 . 2008-12-04 00:46 d-------- c:\documents and settings\Administrator


Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:27 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-13 04:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-13 04:47 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-13 04:21 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-13 04:19 --------- d-----w c:\program files\MSBuild
2008-10-13 04:13 --------- d-----w c:\program files\Reference Assemblies
2008-10-13 04:06 --------- d-----w c:\program files\Common Files\Adobe
2008-10-13 04:04 --------- d-----w c:\program files\Lenovo
2008-10-13 04:01 --------- d-----w c:\program files\Synaptics
2008-10-13 04:00 --------- d-----w c:\program files\Broadcom
2008-10-13 03:58 319,488 ----a-w c:\windows\HideWin.exe
2008-10-13 03:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 03:58 --------- d-----w c:\program files\Realtek
2008-10-13 03:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-13 03:54 --------- d-----w c:\program files\Intel
2008-10-03 20:34 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 20:34 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 07:19 2,182 ----a-w c:\windows\FINAL_1.BAT
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TopmostClock"="c:\program files\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-23 1146880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-07-24 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-24 1283984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-20 2780816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-05 356920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-10-12 9472]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-10-12 157696]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-10-12 430080]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-10-12 47680]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-04 99376]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 WSVD;WSVD;\??\c:\windows\system32\drivers\WSVD.sys [2008-10-12 81192]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Lia Yang.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 20:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FireFox -: Profile - c:\documents and settings\Lia Yang\Application Data\Mozilla\Firefox\Profiles\8qu0srrj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-05 11:19:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-05 11:20:32
ComboFix-quarantined-files.txt 2008-12-05 17:20:30
ComboFix2.txt 2008-12-05 17:01:16

Pre-Run: 102,221,086,720 bytes free
Post-Run: 102,205,816,832 bytes free

239 --- E O F --- 2008-12-05 05:44:26


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 5:29 pm

Looks good now, have the false alerts stopped?



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 5:34 pm

Yes! They finally stopped!!!! Thank you soooooo much, I was so freaked out last night.
Thank You!

So what should I do to prevent this stuff from happening again??
I just got my netbook (2 days ago) and so far I'm not doing too well, huh?


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 5:36 pm

Heh, we all make mistakes, you just need to be careful when surfing.
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.



Solved Re: HELP! Backdoor.tidserv!inf

Post by thajyeeb on Fri Dec 05, 2008 6:55 pm

Thank you!
Oh, and I was wondering...
When this happened I had my external hard drive connected. Do you think it got infected? Will it reinfect me if I plug it in?


Solved Re: HELP! Backdoor.tidserv!inf

Post by Belahzur on Fri Dec 05, 2008 7:00 pm

Not quite so sure it came from a USB stick. Combofix didn't delete any autorun.inf, nor did it show a mountpoint for the malware to load.

But if you think it's infected, plug it in and see what happens.
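Rather than plugging the drive in to "see what happens", the autorun.inf half of the helper's reasoning can be checked from a clean machine first. This is an added example (my code, not the helper's and not part of any tool named in the thread) that parses an autorun.inf and separates cosmetic directives (icon, label) from the ones that actually launch something (open, shellexecute, shell\<verb>\command). Both sample files are constructed; the MountPoints2 registry side of the helper's remark is not covered here.

```python
import os
import re

# Constructed samples (not from the thread). The first is what a harmless
# autorun.inf looks like: icon and label only. The second is the pattern a
# removable-media infection leaves behind, where every open/explore action
# is redirected to an executable kept in the drive's RECYCLER folder.
BENIGN_AUTORUN = """[autorun]
icon=setup.exe,0
label=Backup Drive
"""

SUSPICIOUS_AUTORUN = """; constructed sample
[AutoRun]
open=RECYCLER\\sample.exe
shellexecute=RECYCLER\\sample.exe
shell\\open\\Command=RECYCLER\\sample.exe
shell\\explore\\Command=RECYCLER\\sample.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
useautoplay=1
"""

# Directives that make Windows run something: open, shellexecute and any
# shell\<verb>\command entry. icon, label and action are cosmetic.
LAUNCH_KEY_RE = re.compile(r'^(open|shellexecute|shell\\[^\\]+\\command)$')


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section; keys lower-cased."""
    directives, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('['):
            in_section = line.lower() == '[autorun]'
            continue
        if in_section and '=' in line:
            key, value = line.split('=', 1)
            directives.append((key.strip().lower(), value.strip()))
    return directives


def launch_targets(text):
    """Only the directives that would execute code on insert or double-click."""
    return [(k, v) for k, v in parse_autorun(text) if LAUNCH_KEY_RE.match(k)]


def triage_autorun(text):
    targets = launch_targets(text)
    return ('launches code' if targets else 'cosmetic only'), targets


def triage_autorun_file(drive_root):
    """Triage <drive_root>/autorun.inf read from a clean machine; None when absent."""
    path = os.path.join(drive_root, 'autorun.inf')
    if not os.path.isfile(path):
        return None
    with open(path, encoding='utf-8', errors='replace') as fh:
        return triage_autorun(fh.read())


if __name__ == '__main__':
    for label, sample in (('benign', BENIGN_AUTORUN), ('suspicious', SUSPICIOUS_AUTORUN)):
        verdict, targets = triage_autorun(sample)
        print(f'{label}: {verdict}')
        for key, value in targets:
            print(f'  {key} -> {value}')
```

Point `triage_autorun_file` at the root of the mounted external drive (with autorun disabled on the machine doing the checking) and a "launches code" verdict tells you which directive points where, so the referenced file can be looked at before anything is double-clicked.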



Solved Re: HELP! Backdoor.tidserv!inf

Post by Doctor Inferno on Sat Dec 20, 2008 2:51 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

