I started my computer in safe mode, deleted my TEMP folder, uninstalled Avira, tried to install it again, but after re-installation it would not let me run system scans (also not in Normal mode).
Installing AVG was somehow impossible, so I downloaded MBAM and it found the following:
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bkaqoqocefuw (Trojan.Agent.U) -> Value: Bkaqoqocefuw -> Quarantined and deleted successfully.
- c:\Users\Miek\AppData\Local\Temp\err.log101561112 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
- c:\Users\Miek\AppData\Roaming\Adobe\plugs\kb101623450.exe (Trojan.Agent) -> Quarantined and deleted successfully.
- c:\Users\Miek\AppData\Roaming\Adobe\plugs\kb101662591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
- c:\Users\Miek\AppData\Local\Nlnhib.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
After that, I was able to install AVG and it found nothing, apart from some tracking cookies.
However, when using Google in Firefox, I suddenly had redirects to malware sites!
Also, my computer was really slow, calculating like mad when closing down.
Besides, while starting up, I once got a blue screen of death (I did not take a picture, unfortunately).
And I also got a strange login screen, where I could only enter a nameless user account, while my two normal accounts had disappeared.
This went away after restarting.
AVG and MBAM found nothing, so I tried TDSS Killer, and it found a TDL4 rootkit. I had it removed a couple of hours ago,
and my computer seems to be doing fine. After that, I also ran HitmanPro 3.5; it only found some tracking cookies.
TDSS Killer keeps finding a suspicious file:
C:\Windows\System32\Drivers\sptd.sys
Is this dangerous? Can I remove it?
Here is my GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-19 15:54:16
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.ADG
Running: mp1lwpxk.exe; Driver: C:\Users\Miek\AppData\Local\Temp\fwtdqpod.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C181F8
Device \Driver\atapi \Device\Ide\IdePort0 84C181F8
Device \Driver\atapi \Device\Ide\IdePort1 84C181F8
Device \Driver\atapi \Device\Ide\IdePort2 84C181F8
Device \Driver\atapi \Device\Ide\IdePort3 84C181F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84C181F8
Device \FileSystem\Ntfs \Ntfs 84C191F8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \FileSystem\fastfat \Fat 85EE7500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
I just want to be sure that my system is clean again, because I am worried about my privacy and the safety of my files.
As you have probably concluded after reading the above, I am not a whiz kid, but I followed some of the advice given to others on different forums. Any help or reassurance would be greatly appreciated! Thank you in advance!
