
W32/dloader.erdb


3 replies to this topic

#1 GaRaGuMo


Posted 26 December 2007 - 12:17 PM

Hi,

I just scanned my c:\windows\system32 folder using F-SECURE Online Scanner. Then AVG Free Ed was triggered to detect a threat ("Threat Detected! while opening file c:windows\system32\drivers\tdlserv.sys"). AVG can't heal or move it to vault ("Requested action is not available for this object. Access to the file has been denied"). The only action was to ignore the file.

F-Secure wasn't able to delete this file either.

I hope someone could help me with this.

Thanks.



#2 quietman7


Posted 26 December 2007 - 01:04 PM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Please download AVG Anti-Rootkit and save to your desktop
  • Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit
  • Accept the license and follow the prompts to install.
  • You will be asked to reboot to finish the installation so click "Finish".
  • After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
  • You will see a window with four buttons at the bottom.
  • Click "Search For Rootkits" and the scan will begin.
  • You will see the progress bar moving from left to right. The scan will take some time so be patient and let it finish.
  • When the scan has finished, a small window will open so you can view the results.
  • Right click and select "Save Result To File".
  • By default the file will be saved with a .csv extension. (You can use Notepad to open the .csv file)
  • Copy and paste the results in your next reply.
  • If anything was found, click "Remove selected items"
  • If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.
Note: Close all open windows, programs, and DO NOT USE the computer while scanning. If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted automatically.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 GaRaGuMo


Posted 26 December 2007 - 02:21 PM

Hi quietman7,

I already followed the Bleeping Computer Tutorial about "Using Blacklight to detect & remove rootkits from your computer". I think it was gone!

I also followed your tip to scan it with AVG Anti-Rootkit. And it found nothing in "in-depth search".

Many thanks to you and the team.

#4 quietman7


Posted 26 December 2007 - 02:56 PM

Good job.

Now you should Create a New Restore Point to enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the most recently created Restore Point.