
COMPUTER INFECTED?

  • 09-05-2009 11:48pm
    #1
    Closed Accounts Posts: 14


    Hi,
    Would appreciate any help.

    I just downloaded a free copy of Spyware Doctor and ran it to see if I had any viruses on my computer (was initially concerned that Keylogger was installed on my pc, and wanted to check this) but the report has stated that I have 8 Threats and 261 infections on my computer:

    Don't have a clue what they mean - but these are the most worrying:
    2 threats of:
    Name: Trojan.TDSServ
    Threat Level: High

    Description: Trojan.TDSServ is a trojan horse that may represent security risk for the compromised system and/or its network environment. The program uses rootkit-specific techniques designed to hide the software presence in the system. This trojan also blocks user access to security website such as pctools.com.
    Type: TT_Backdoor, TT_Downloader, TT_R

    When I looked further into this it gave a summary of the type of threat: "A malicious backdoor trojan that runs in the background and allows remote access to the compromised system"

    It also gave a remote host number and the Port no and times it was initiated. What does this mean? Someone had access to my PC remotely?

    There are a few more threats listed but don't know how to post a screen shot to you all of them. can anyone advise?

    Can Anyone advise? - The SPYWARE DOCTOR can remove them - but I will have to pay for this part - and am unemployed.:(

    thanks for any help.


Comments

  • Closed Accounts Posts: 68 ✭✭numbnuts


    Hi, bekz. That's a nasty one. Can you do this to start you off on the road to getting cleaned..

    ASJ will maybe want to see some more. Let us know if you're not able to run any of these, please .. LET US KNOW..

    Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 . Save it to your Desktop.

    Run ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.
    • Shutdown/restart the computer.


    Next Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad.

      Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.


    Paddy..


  • Closed Accounts Posts: 14 bekz09


    numbnuts wrote: »
    Hi, bekz. That's a nasty one. Can you do this to start you off on the road to getting cleaned..

    • Please post contents of that file in your next reply.


    Paddy..


    Hi Paddy,
    Thanks for your response. Ran the two applications. It said it found 3 items infected. (Big difference to the SPY doctor log)

    As requested, this is the logfile content from Notebook:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2104
    Windows 6.0.6000

    10/05/2009 13:53:06
    mbam-log-2009-05-10 (13-53-06).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 195338
    Time elapsed: 2 hour(s), 8 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\shauna\AppData\Local\Temp\TDSS3cee.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\shauna\AppData\Local\Temp\TDSS3d1d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    Do I need to do more?
    thanks
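
Added example, not part of the original thread: a parser for the Malwarebytes' Anti-Malware log layout posted above that checks the summary counts against the listed items, lists detections whose action is not a successful removal, and reports whether every file hit sits in a Temp directory. The sample log, its paths and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout posted above; the paths are made up.
# "No action taken." marks a detection that was reported but left in place.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\alice\AppData\Local\Temp\TDSSaaaa.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\Temp\TDSSbbbb.tmp (Trojan.FakeAlert) -> No action taken.
"""

COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")    # summary line
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # detail section header
# Greedy object match, so a path such as "Program Files (x86)" still parses.
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")

def parse_mbam_log(text):
    """Return (summary counts, {section: [(object, detection, action), ...]})."""
    counts, items, section = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER_RE.match(line):
            section = m[1]
        elif section and (m := ITEM_RE.match(line)):
            items[section].append((m[1], m[2], m[3]))
    return counts, dict(items)

def review(text):
    """Flag what a helper reading the log would check before calling it clean."""
    counts, items = parse_mbam_log(text)
    files = items.get("Files Infected", [])
    return {
        # Sections whose listed items do not match the summary (truncated paste).
        "count_mismatch": [s for s, n in counts.items() if n != len(items.get(s, []))],
        # Detections that were reported but not removed.
        "unresolved": [(obj, name) for rows in items.values()
                       for obj, name, action in rows if "successfully" not in action.lower()],
        # True when every file hit sits in a Temp directory.
        "files_only_in_temp": all("\\temp\\" in obj.lower() for obj, _, _ in files),
    }
```

A non-empty `unresolved` or `count_mismatch` list is a reason to ask for a fresh scan and a complete log before treating the machine as clean.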


  • Closed Accounts Posts: 29 lydabryant


    Better backup all your data and reformat your system and install a good antivirus like kaspersky... :cool:


  • Closed Accounts Posts: 68 ✭✭numbnuts


    lydabryant wrote: »
    Better backup all your data and reformat your system and install a good antivirus like kaspersky... :cool:

    I don't think they have to reformat! "bekz." The files showing are in temp folders and are easily cleaned.. But let's make sure ..

    Do this please ..

    Please can you Download random's system information tool (RSIT) and save it to your desktop.
    Double click on RSIT.exe to run RSIT.
    Click Continue at the disclaimer screen,
    Once it has finished, there will be two logs open.
    Please post the contents of both log.txt and info.txt
    Note,
    The info.txt will be minimized on your Desktop.

    Paddy..


  • Closed Accounts Posts: 3,817 ✭✭✭ynotdu


    Hi I see other posters are giving you good advice already.

    where did you download the free version of spyware doctor from?

    The free version from the Google pack DOES delete threats found on a scan.

    Important to remember though its main function is to discover spyware.
    For viruses etc you also need a good Antivirus programme.
    AVG is the most popular anti-virus on download.com (a site that guarantees malware free downloads (and its millions of users make sure they keep to that promise! :))
    You can read the publisher's review, download.com's review and most importantly USERS' reviews of their software (AVG is just the most popular, many other anti-virus programmes available also)

    the free version of AVG works great for me!

    good luck!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

