Author Topic: viruses  (Read 50128 times)

wyrmrider

  • Guest
Re: viruses
« Reply #30 on: September 08, 2008, 10:47:16 PM »
We would prefer to see a third party firewall
Vista firewall can be set somewhat to filter outbound traffic but from what I hear is a real pain
You do not have to copy whole of previous posts
I've never heard of anyone messing with VRDP- so it must be OK
If you are running Spybot t-timer or other real time protection let us know
Vista 32 or 64?
If I propose something that does not work with Vista shout out.

high scan?
boot time scan or settings on high  post with the scan log
thanks

tvdxrools

  • Guest
Re: viruses
« Reply #31 on: September 08, 2008, 11:57:57 PM »
OK, ran boot scan, didn't find anything, so take it Spyware Dr got it. Tried a few times to download malware rogue from malware.org; every time it's telling me it can't run, there is a file missing. What firewall do you suggest I run, and also how do I get the scan log to post on here, both from Avast and Spyware Dr? Thanks

wyrmrider

  • Guest
Re: viruses
« Reply #32 on: September 09, 2008, 12:49:47 AM »
both MBAM and Rogue Remover should run with vista
did you try them both?
we'll move on but I suggest that you post the problem here for MBAM

http://www.malwarebytes.org/forums/index.php?s=bcd9c964254b78ae1426a9596f62dfdc&showforum=41

and here for RR
http://www.malwarebytes.org/forums/index.php?s=bcd9c964254b78ae1426a9596f62dfdc&showforum=34
you need to be able to run these excellent tools

Did you say you ran Spyware Doctor? which version? Free trial, Paid, GooglePack?
Spyware Doctor has an excellent forum here and they actually have Tech support!
http://www.pctools.com/forum/forumdisplay.php?f=54
they can quickly help you find the right log



DAvidR or Tech
can you address the post the log questions?

meanwhile Spybot search and destroy
http://www.safer-networking.org/en/mirrors/index.html
could you download, (install sd-helper do not install t-timer) update, immunize and run a full scan
quarantine any hits do not remove/ delete
post the log




tvdxrools

  • Guest
Re: viruses
« Reply #33 on: September 09, 2008, 01:04:47 AM »
I ran the free version of Spyware Doctor to try it out and see if it was any good first. No, I just downloaded Rogue Remover; I will try both of them together, also try Spybot. I will attempt HijackThis afterwards. I just hope we find a solution, as my computer is looked after; that's why I don't understand all these viruses. I'm just glad of the help, thanks again.

wyrmrider

  • Guest
Re: viruses
« Reply #34 on: September 09, 2008, 01:21:19 AM »
spyware doctor is an excellent product
I just removed due to a compatibility problem or I could fire it up and see where the logs are
It would be really nice to know if it found anything
see what you can find

we gotta start somewhere
thanks for keeping trying
we'll find a chink in the armor

tvdxrools

  • Guest
Re: viruses
« Reply #35 on: September 09, 2008, 01:35:15 AM »
OK thanks, I've got a log of my scan with Spyware Dr, will post it here. Have to do it in two or three quotes as it is too big. It might give you an idea of where the viruses came from or the files they infected. OK, I will go ahead and start posting them.

tvdxrools

  • Guest
Re: viruses
« Reply #36 on: September 09, 2008, 01:37:20 AM »
OK thanks, I've got a log of my scan with Spyware Dr, will post it here. Have to do it in two or three quotes as it is too big. It might give you an idea of where the viruses came from or the files they infected. OK, I will go ahead and start posting them.

wyrmrider

  • Guest
Re: viruses
« Reply #37 on: September 09, 2008, 01:43:04 AM »
nice find
but that looks like the activity log
anything in quarantine?

tvdxrools

  • Guest
Re: viruses
« Reply #38 on: September 09, 2008, 02:23:47 AM »
this is a bit more of the report
and this is what is in quarantine .... 9 rogue antispyware pc.healthcentre......1 perfect key loader hkey_local_machine\software\microsoft\windows\current\version\run#sistray...........3 adware.agent.bn hkey_local_machinesoftware\currentversion\uninstall\web.............19 adware.bho.gen........72 trojan.tdsserv

wyrmrider

  • Guest
Re: viruses
« Reply #39 on: September 09, 2008, 02:46:18 AM »
How did you get that posted as a copy?
hard to read
but it does look as if there are some quarantined items

TDSSserv.sys
which may be a nasty and may involve a rootkit
SDFix can get it but you have to be able to follow instructions exactly

I'd like to see a Spybot scan log (no copy this time) and either the Avast boot time scan log or a Kaspersky AV on line scan

then read the stickie at the top of this forum and post a hijack this

any way to post that Spyware doctor in a clearer form?

what did MBAM forum say?

Avast has an anti rootkit feature  if we can't get Avast to run we need to use a different anti rootkit application
please advise


most all should get adware.agent.bn
if it is still around after spybot scan  these two get it
Super Anti Spyware
Windows Defender
take no action just put these on your "keep in mind" list
« Last Edit: September 09, 2008, 04:07:23 AM by wyrmrider »

wyrmrider

  • Guest
Re: viruses
« Reply #40 on: September 09, 2008, 04:11:55 AM »
Hello Snake

there is a new version of MBAM out
delete 1.26 and try 1.27

tvdxrools

  • Guest
Re: viruses
« Reply #41 on: September 09, 2008, 03:48:38 PM »
This is part of the report; I will need to put the rest of the report in another quote.
« Last Edit: September 09, 2008, 03:50:14 PM by tvdxrools »

tvdxrools

  • Guest
Re: viruses
« Reply #42 on: September 09, 2008, 04:01:14 PM »
This is part of the report; I will need to put the rest of the report in another quote.

tvdxrools

  • Guest
Re: viruses
« Reply #43 on: September 09, 2008, 04:07:00 PM »
Hello Snake

there is a new version of MBAM out
delete 1.26 and try 1.27
this is part of the report i will need to put rest of report in another quote
there is a lot more to the report, too much to post here, but I have saved the whole thing as a document. maybe it will give u an idea of what's going on

wyrmrider

  • Guest
Re: viruses
« Reply #44 on: September 09, 2008, 05:57:40 PM »
It does
It looks as if Spyware Doctor did a good job with these two problems
Now we need to double check to see if any of their "friends" hitched a ride
see if you can get an Anti Virus scan
and
a different Anti Spyware/ anti Malware scan

Me- I'd post to the Spyware Doctor forum- there has to be an easier to read version of that log
and
did you post to MBAM and RR forums?

If those two and avast will not run we still have a problem somewhere
did you try them again after SD procedure
perhaps the blockage is gone- We can hope

Wyrmrider