BleepingComputer.com: Infected with TDSS & Google keeps redirecting


Infected with TDSS & Google keeps redirecting - TDSSkiller unable to remove threats

#16 fireman4it

  • Bleepin' Fireman
  • Group: Malware Response Team
  • Posts: 8,316
  • Joined: 24-May 08
  • Gender: Male
  • Location: Bement, ILL

Posted 26 October 2011 - 04:07 PM

Hello,

Quote

Virus:Win32/Patchload.O
Disinfected
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1236\A0171165.rbf

Virus:Win32/Patchload.O
Disinfected
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1233\A0170822.exe

TrojanDropper:Win32/Sirefef.B
Removed
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1241\A0173348.sys
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1246\A0173406.sys
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1246\A0173410.sys
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1246\A0173416.sys

Virus:Win32/Patchload.O
Disinfected
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1246\A0173414.exe

Backdoor:Win32/Smadow.gen!B
Removed
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1232\A0170606.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1232\A0170706.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1233\A0170726.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1235\A0170899.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1235\A0170912.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1236\A0171287.ini
file:\System Volume Information\_restore{DE83407A-C836-4D2B-8971-497418DA60E4{\RP1239\A0172026.ini


Those are nothing to worry about. Now that we have run the Combofix uninstall, your restore point has been reset to the present, which means all those others will be gone.


Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#17 fireman4it

Posted 28 October 2011 - 11:36 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

#18 riskb

  • New Member
  • Group: Members
  • Posts: 11
  • Joined: 23-October 11

Posted 29 October 2011 - 02:22 AM

Good morning fireman4it, yes I am still here and have been working through your instructions.

I've used StartupLite and used OTC.

I've installed ZoneAlarm in place of the standard Windows Firewall and installed Spyware Blaster.

I've installed the MVPs Hosts File and read the Tutorial on the Hosts file, but I do not understand it.

I've installed Malwarebytes' Anti-Malware.

I'm STILL having trouble with Microsoft updates. I've repeatedly installed the Malicious Software Removal Tool but am still being told to install it.
I've followed the instructions for this problem on the Microsoft site, including downloading it to the desktop and then installing it after starting in Safe Mode.

Any answers to this problem would be helpful.

Other than that, my computer is running fine.

Regards,

Rick.

#19 fireman4it

Posted 29 October 2011 - 11:20 AM

Hello,


You should be able to just ignore that update, as you really don't need it this time. You should be able to select "Don't show me this update again"?
It comes once a month; it's more or less an antivirus scanner tweaked up. Since we have cleaned your machine, there is no need for it.

#20 riskb

Posted 29 October 2011 - 11:32 AM

In that case, everything is fine. Thank you very much for all your help. Regards, Rick :thumbup2: .

#21 fireman4it

Posted 29 October 2011 - 01:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.