Avast suddenly disabled, malware removers will not run, no Safe Mode

I think I am infected. I am running Windows XP Pro, SP3. Symptoms include:

  • Avast! (Home Edition) showed as disabled in system tray, then disappeared. Now it will not run at all. Has been okay for years!
  • Spybot will not run
  • Various malware removers will not run or install (including Microsoft’s Malicious remover, Spybot, etc)
  • CCleaner will not run.
  • HijackThis does not install or run, even after being renamed.
  • System Restore says “cannot restore” even though there are several restore points (I have not switched this off)
  • Cannot get into Safe Mode (I press F8 as usual, choose Safe Mode, but I get a Blue Screen and system halts)
  • Windows Firewall was switched off (but I have managed to get that working again)

For all of the programs where I say “does not run” or “does not install”: sometimes I get a quick flash of something happening on the screen, but then it goes away; usually there is simply a little disk activity but then nothing happens. It’s as if the malware notices the application running and then stops it.

I am a little worried because avast! was running and didn’t pick anything up. Has anyone ever seen this sort of thing before?

Please help!

If avast! is out for the count, try one (or more) of these rescue CDs:

Download and burn the disk image on an uninfected computer. Boot the infected computer from the disk and run a virus scan (after updating virus definitions if this option is present).

Kaspersky Rescue Disk
AntiVir Rescue CD
Bitdefender Rescue CD
F-Secure Rescue CD

Thanks for this – I’ll burn the disks at work and try them on the infected machine at home tonight, and let you know how I get on.

avast since 4.8 has a self-defence module that makes this a little more difficult; however, there is a variant of Beagle that is able to get past that. This is also protected by a rootkit, I believe.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

allatsea: it seems to be infected with some recent variant of Win32:Beagle… Did you run some crack, keygen, trainer etc. from eMule, Torrent or DC++? It’s a frequently used source of this malware family…

Hi:

Might want to do a Windows “Search” on your computer for “tdss”, especially “TDSSserv.sys”, and “delete” all such entries; generally this is the “cause” of the symptoms you are reporting.

Should consider the info at www.techspot.com/vb/topic118177.html.