dahotnezz

Removal of malware and trojan viruses


Ok so this is my 3rd attempt at getting assistance. I believe that this is a new thread I have started (per the site's instructions). I need assistance with malware and virus removal. The a-squared software removed some viruses, but directed me to this site for further assistance. I have attached the a-squared and win reports. Any assistance is greatly appreciated.


Do the following to remove trojan TDSSserv (trojan Backdoor.Tidserv).

PART I: TDss RootKit removal

Step 1: Disable TDSSserv trojan driver.

  • Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
  • Click Properties.
  • Click Hardware Tab.
  • Click Device Manager.
  • In the top menu, click View and click Show Hidden Drivers.
  • Scroll down to non Plug and Play drivers.
  • Click + at left.
  • In the list of drivers, right click UACd.sys. (If you do not find this, then skip to Step 2.)
  • Click Disable.
  • Click YES to confirm.
  • Close all windows and reboot your computer.

Step 2: Remove TDSSserv Registry Keys

  • Download RegASSASSIN from HERE. Save it to your Desktop.
  • Run RegASSASSIN
  • Click "I Agree"
  • Copy & Paste the following RegKey to be deleted:
    HKEY_LOCAL_MACHINE\SOFTWARE\UAC

    If you receive the error message "The registry key you have specified does not exist or is not visible to regassasin. This may be caused by a set permission that does not allow regassasin to see it, would you like to continue?" Click "Yes" to continue.

  • Close all windows and reboot your computer.

PART II: TDss RootKit removal

Step 3: Delete TDSSserv trojan driver.

  • Download Avenger from HERE and unzip to your desktop.
  • Run Avenger, then copy & paste the following text into the Input script box:
    Drivers to delete:
    UACd.sys

    Then click "Execute".

  • You will be asked, "Are you sure you want to execute the current script?". Click Yes.
  • You will now be asked, "First step completed - The Avenger has been successfully set up to run on next boot. Reboot now?". Click Yes.
  • Your PC will now reboot.

Step 4: Running ComboFix

Download to your Desktop

- ComboFix by sUBs from >> Geeks2Go <<

Save as AvoidTDSS.exe during the download. ComboFix must be renamed before you download it to your Desktop.

Close ALL windows

Double click AvoidTDSS.exe and follow the prompts.

When finished, the program will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Step 5: Getting Logs

Post the following logs:

  • ComboFix
  • ISeeYouXP

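The thread's procedure disables the UACd.sys driver, deletes HKLM\SOFTWARE\UAC and removes the driver file at the next boot. The following read-only PowerShell triage script is an added example (not from the thread or from the tools it names) that reports whether those same indicators are still visible after the cleanup; it assumes the driver registers as a kernel service whose name or image path contains "UACd" or "TDSSserv", and that it is run from an elevated prompt.

```powershell
# Added read-only triage check for the TDSS/UAC indicators named in this thread.
# Assumptions (not stated in the thread): the driver registers as a kernel
# service whose name or image path contains "UACd" or "TDSSserv"; run elevated.
# A running rootkit can hide its file and keys from user-mode APIs, so a clean
# result here is not proof of a clean system; the thread disables the driver
# and reboots before deleting anything for exactly that reason.

$findings = @()
$pattern  = 'UACd|TDSSserv'

# 1. Registry key the thread has the user delete with RegASSASSIN.
$regKey = 'HKLM:\SOFTWARE\UAC'
if (Test-Path -LiteralPath $regKey) {
    $findings += "Registry key present: $regKey"
}

# 2. Driver file the thread has Avenger delete at next boot.
$driverFile = Join-Path $env:SystemRoot 'System32\drivers\UACd.sys'
if (Test-Path -LiteralPath $driverFile) {
    $item = Get-Item -LiteralPath $driverFile -Force
    $findings += ('Driver file present: {0} ({1} bytes, written {2})' -f
        $item.FullName, $item.Length, $item.LastWriteTime)
}

# 3. Kernel driver services matching the indicators, including the
#    non-Plug-and-Play drivers that Device Manager hides by default.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern }
foreach ($d in $drivers) {
    $findings += ('Driver service: {0} state={1} start={2} path={3}' -f
        $d.Name, $d.State, $d.StartMode, $d.PathName)
}

# 4. Service entries under CurrentControlSet\Services, which persist even
#    when the driver file itself is hidden from directory listings.
$svcKeys = Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' `
    -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -match $pattern }
foreach ($k in $svcKeys) {
    $findings += "Service registry entry: $($k.PSChildName)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No TDSS/UAC indicators visible via user-mode APIs (a live rootkit may still hide them).'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Any hit after the reboot means the removal did not complete and the logs requested in Step 5 are still needed.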
I am not sure where these logs are located, but I am posting the one I have that was generated from ComboFix... thanks


Don't reply with quote; use the add reply button. It's just adding unnecessary clutter to a thread.

You have to run ISeeYouXP in order for it to generate a log.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to that thread.
