It seems like the PC the kids go on is infected with a TDss Trojan Horse. Running in Safe Mode, Avast was able to detect and clean (put into the Virus Chest) two of the buggers, but during repeated scans, the computer just keeps rebooting.
I’ve scanned through a couple of threads here that seem to be related to this problem, and oh boy, it sounds difficult to get rid of. I’m wondering if it would be faster to do a clean install of the op system (XP)?
What do you folks think? If it’s a matter of downloading a couple of programs and running them, I can do that, but I don’t have the time to spend hours trying to fix this bug.
For security I’m running:
Avast 5.0 free
Spysweeper
PC Tools Firewall
and I keep everything updated and I scan regularly.
It’s a rootkit (hidden virus) that generally replicates. Difficult to clean.
Hope Essexboy could guide you and help on cleaning.
I can’t go further, just suggest the general cleaning procedure:
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
Good morning everybody! It’s looking like it’s going to be a beautiful day here in northern Wisconsin USA
I wish I could say the same for the infected eMachines computer!
I did step 1 and used Programs-accessories-system tools-disk cleanup to clean the PC. The virus didn’t like that and rebooted the PC after the process was done.
I then went to step 2 (Avast boot scan) and now no matter what I do, I can’t get the PC to get to the main Windows screen without rebooting. If I try to boot in safe mode, I get about 2 screens where it scrolls thru boot path (don’t think this is the right term and I apologize) and just stops after one certain boot path.
As it sits there trying to boot, the HD is trying to do or doing something…but it just sits there.
Any ideas? or should I just reinstall the op system? I don’t want to give up but I don’t have time to be messing around…yes there will be some data lost, but nothing earth shattering.
UPDATE – I was able to do a safe boot…and get to the Avast program. I selected the Boot Scan option, hit “restart computer” and it started to reboot, only to reboot itself shortly after the desktop picture that I have on the PC showed.
I burned Dr CureIt onto a CD on my computer that works, installed it on the infected PC, then tried to run it but the program locked up. I’m going to try Norman now.
When I tried to run Norman after installing it from a CD, it wouldn’t run.
Maybe neither of these programs like to be installed and run from a CD?
Well…the PC is back up and running without rebooting. I was able to run the Avast rootkit program and it found nothing.
Then I ran the Avast boot scan and on the first try it found nothing, then I checked two “advanced” boxes and ran it again and it found 2,989 rootkits, and also one infected file with the Tdss Trojan Horse.
I’m now running MBAM and it’s found 2 infections so far. My plan is to run Dr. CureIt next (I forgot that I should have run this before MBAM).
But there’s another poster who suggests to run the Combo program.
I guess I’ll run everything until I blow the processor!
What avast anti-rootkit program are you talking about ?
If it isn’t the one that is built into the avast5 application (and you are running it from there), then it is a very old stand alone beta version. This was used for the very early development of what went into avast 4.8 and produced many such detections. It hasn’t been developed as a stand alone application, only the one built into avast should be used.
Yes, very outdated beta version which hasn’t been updated as stand alone beta application, which really shouldn’t be used outside of a beta environment (e.g. test system).
Extract the file and run it.
Once completed it will create a log in your C: drive
Reboot your computer
Please post the contents of that log
Also - I want to use the proper combination of anti virus, malware, etc. programs. The Avast forums have been so good to me over the years that I want to support their products.
What should I be using please? If I need to post this question elsewhere, please tell me where.
I use Avast with the occasional scan with MBAM - works for me. What are your current problems ?
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is too large to attach then upload to Mediafire and post the sharing link.
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
    Reg - Shell Spawning
    File - Lop Check
    File - Purity Scan
    Evnt - EvtViewer (last 10)
Under the Custom Scan box paste this in

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.