I was infected recently with a number of viruses, adware, malware, etc. and managed to remove most of the problems. But there are two files, tdsslog.dll and tdssserf.dll, that I can’t seem to get rid of. The scanner picks them up when I launch it and it’s testing memory and start up. Attempting to delete them gives me the message that they are in memory and can’t be removed/altered. I’ve tried running avast on startup and it says that the infected files are successfully removed but then they show up again when I run the scanner after startup and it’s just an endless loop of all this. I’ve tried manually locating the files and they aren’t there (show hidden files is on) and Windows searches don’t come up with anything either.
In addition to running Avast I’ve run Spybot Search and Destroy which got rid of the adware problems but it had the exact same issue as Avast had with something called Virtumonde.sci I think. There were two registry entries that it could only remove before startup. Now it’s random as to whether or not the program picks them up. Manually locating them didn’t work, as if they didn’t actually exist at all.
A couple of what I’m assuming are related problems: Clicking on any link in a Google/Yahoo search sends me to various ad sites instead of where I’m supposed to go. Copy and pasting the proper URL works on occasion. Most sites related to virus help including Avast’s sends me to the “Cannot connect” page. My main browser is Firefox (one version behind the most recently released one), but Internet Explorer had the same problem as well.
A couple of other issues that didn’t start until after infection: There have been three completely random system freezes; sometimes on startup Windows gets stuck right after the XP logo screen. Black background with a mouse cursor and I’ve left it there for an hour with no luck. It seems to work just fine every other time. I get the same result with Safe Mode, sometimes it works fine other times it gets stuck as soon as the screen with safe mode in each corner comes up.
Now, aside from the issues mentioned above, when it’s up and running my computer works just fine. There aren’t any strange processes in the Task Manager, no abnormal CPU or memory usage, no system slow downs, no popups or desktop background images, programs (games, business, etc.) run fine. It’s all very confusing.
If any of the issues I mentioned are unclear just ask me to clarify exactly what the problem I’m experiencing is. Thanks in advance for your help.
When you say you have run avast on startup, do you mean scheduling a boot-time scan?
If not, right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
If so then it is likely that there are other hidden/undetected elements to the infection restoring or downloading the file again.
These files are associated with a trojan backdoor which could mean there is something avoiding your firewall, what is your firewall?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
Check out this - HOSTS file redirect - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file
This could also be used to redirect google, etc. to other sites.
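The HOSTS file check suggested above, as an added example that is not part of the original post: a small Python audit that reports entries pointing a name at a non-loopback address (redirects) and entries that sinkhole a watched site. The watchlist, the sample file and all names in the code are constructed assumptions based on the symptoms described in this thread.

```python
import ipaddress

# Assumed watchlist: sites the thread reports as redirected or unreachable.
WATCHED = ("google.com", "yahoo.com", "avast.com")

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net        # immunize-style block entry
203.0.113.7     www.google.com google.com
127.0.0.1       www.avast.com
0.0.0.0         search.yahoo.com   # trailing comment
"""

def _is_watched(host, watched):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, hostname, verdict) for entries worth review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], entry[1], "unparseable address"))
            continue
        # Loopback / 0.0.0.0 entries only block a name; block lists such as
        # Spybot's immunize entries look like this and are not flagged.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in entry[1:]:
            if not sinkhole:
                # Any other address sends the name elsewhere; legitimate LAN
                # entries also land here and need a manual look.
                findings.append((line_no, str(addr), host, "redirect"))
            elif _is_watched(host, watched):
                findings.append((line_no, str(addr), host, "blocked"))
    return findings

if __name__ == "__main__":
    # To audit a real machine, read C:\WINDOWS\system32\drivers\etc\hosts
    # into a string and pass it in place of SAMPLE_HOSTS.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```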
Haven’t had time to do any of that yet but to answer your question yes I meant a boot time scan, which did find the files and successfully deleted them but they still showed up again after that. I’ll try the other things you suggested and come back with my results when I have a spare hour or two.
Hi
David R is In Europe
I’m West Coast US so I’ll be around for awhile
When you run the SAS Scan Clean and Quarantine do not remove/delete
With MBAM put a check next to any baddies then
click
REMOVE SELECTED- a backup will be made
post the logs
With Spybot update every Wednesday and re-immunize
then (after the general purpose scanners)
read the stickie at the top of the forum and run a scan and log with Hijack This
post it here
we may then want to run a special purpose tool VUNDOFIX but I do not want anything exciting like a virus active so let’s get rid of any other infections (we can find) first
also
what
AV
Firewall
Browser
etc
are you running Spybot’s immunize it adds entries to your Hosts file (but no redirects)
are you running any other Hosts file such as MVPS Hosts or HPHosts?
If just Spybot you could remove Spybot’s Host list (from Mode>Advanced>Tools>Hosts)
then see if there is anything left- replace after looking and cleaning
be advised that Avast Mail scanner sometimes has entries in the Hosts file
they should be obvious
I do not think that removing spybot or other host entries will disturb them but deleting hosts would
you can use spybot to back up your hosts file
Scotty the Win Patrol watchdog will alert on any changes to Hosts
Those 2 "dll"s you mentioned I think are part of One of the many “Rogue”
programs that are quite frequent nowadays, which are Best dealt with by
the FREE Version of Malwarebytes’ Anti-Malware that has been recommended
twice to you.
Well it’s been a hectic… however long it was since I asked you guys for help. But I FINALLY got around to trying all your suggestions and they worked great. All the problems are gone, and just to check I reran everything an additional time and no threats came up.
All the issues I stated in my original post are gone. Thanks so much for your help guys.
hi steve
great news
If you want to post a hjt we will take a look at it- see the stickie at the top of the forum
run secunia software inspector and get updated
REMOVE ALL OLD JAVA
install a third party firewall for outbound protection
have an active anti malware/anti spyware
Spybot with t-timer as a minimum or ask (depends on system resources memory speed etc)
cheers