
Tdss* Infected


13 replies to this topic

#1 tdqueue

tdqueue

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 05 October 2008 - 07:25 PM

Good Evening.

I have a pc running Windows XP SP3, that has several files infected with some viruses that my Trend Micro scan identified/quarantined as tdss.* in the windows/system32 directory. I searched this site and found a person with a similar sounding issue, post 'Virus Infection (tdss And Aspi?)' from August 23, 2008 by davidec. I followed the instructions from 'quietman7', I downloaded Malwarebytes Anti-Malware onto a flash drive and was able to launch Malwarebytes on the infected pc from the flash drive. (I was unable to access the internet from the infected pc). With that said, I was not able to get updates, therefore I directly went to the Scanner tab and selected Perform Quick Scan and hit the scan button.

The scan took just over four hours to complete. It found approximately 30 files with some type of issues. I clicked 'Show Results', made sure they were checked and hit the Remove Selected button. Fifteen minutes later the 'removal' completed with the exception of about seven files all ending with 'tdss.*' The message said that these files could not be removed, restarting windows would remove these files. I clicked 'ok' to proceed, which I thought would shut down the computer and restart. Nothing happened for about 15 minutes. I then attempted to restart the pc via the start menu, again nothing happened (Windows wouldn't shut down). I closed the notepad and pulled the flash drive, closed the E:// drive window and tried to shut down the pc again. The pc still wouldn't shut down. I went to bed leaving it in that state.

The next morning I tried to shut the pc down again, nothing. I cut the power to the pc, to shut it down. Now when I try to start the pc, I get the wallpaper up and that is it. I cannot get Task Manager up by hitting <ctl><alt><del>. All I get is the wallpaper with no icons. Any suggestions? Thanks in advance.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 05 October 2008 - 07:41 PM

Try running this scan. You can transfer it to the problem computer on a pen drive.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the .exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 tdqueue


Posted 05 October 2008 - 08:28 PM

I have a laptop that I've been using to write these posts, as well as download the Dr.Web CureIt file to a portable drive. I powered up the infected pc, accessed Safe Mode start using the F8 method. After hitting enter to start Windows in Safe Mode several file information lines began to scroll up the screen, stopping with about 23 lines, a full screen, of these lines displaying. It's been this way for about 20 minutes now. The bottom line says multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\agpCPQ.sys .
This can't be good.
Anything I can do now?

#4 Budapest


Posted 05 October 2008 - 08:38 PM

If you can boot into Safe Mode with Command Prompt, try restoring your computer back to before you got this infection to see if it will then boot in Windows.

How to start the System Restore tool at a command prompt in Windows XP

#5 tdqueue


Posted 05 October 2008 - 09:10 PM

Started in Safe Mode with Command Prompt, it got as far as it did when starting in plain Safe Mode. However, this time after a couple of minutes I get the blue Stop Error Screen....
"A problem has been detected and windows has been shut down to prevent damage to your computer.
The video driver failed to initialize.

Technical information:
***Stop: 0x000000B4 (0x86E82B00, 0x8D81000, 0x86D8C000, 0x00050000)"

I shut it off and powered up a second time, started in Safe Mode with Command Prompt, same result, the Blue error screen.

#6 Budapest


Posted 05 October 2008 - 10:01 PM

Insert your Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

Type: chkdsk /r

It's important to have a space before the "/".

To exit the Recovery Console and restart the computer, type exit at the command prompt, and then press ENTER.

#7 tdqueue


Posted 06 October 2008 - 07:57 PM

Check disk completed, still couldn't start in Safe Mode, or Safe Mode with Command Prompt, same results as before.

#8 Budapest


Posted 06 October 2008 - 08:02 PM

Did Check-Disk report any errors?

#9 tdqueue


Posted 06 October 2008 - 08:20 PM

Yes, it said, "CHKDSK found and fixed one or more errors." I just ran chkdsk /r again, same results, still on the screen.

#10 Budapest


Posted 06 October 2008 - 08:47 PM

If check-disk keeps reporting errors you may have a faulty hard drive.

What is the make and model number of your computer?

#11 tdqueue


Posted 06 October 2008 - 08:55 PM

Dell, Dimension 3000.

#12 Budapest


Posted 06 October 2008 - 09:41 PM

Try running the hard drive diagnostic test.

http://support.dell.com/support/topics/glo...lang=en&cs=

#13 tdqueue


Posted 07 October 2008 - 08:22 PM

I couldn't get the diagnostic test to start using the method described on the Dell support page. I re-booted, hit F12 to go to the Boot menu and ran IDE Drive Diagnostic, option 6. This returned the following....

Primary IDE
Driver 0: Maxtor 6Y080L0 - Fail. Return Code: 7
Driver 1: No IDE device


I was looking on the Dell site for information on this return code. Not much help.

#14 Budapest


Posted 07 October 2008 - 08:31 PM

Try testing the drive with SeaTools for DOS.

http://www.seagate.com/www/en-us/support/downloads/seatools/