
Windows Update, System Restore Point,


2 replies to this topic

#1 sunfrog (Members, 2 posts)

Posted 29 January 2009 - 05:37 AM

Hi,
This is my first post on to bleeping computer. I think I have a virus problem, but it is not being detected. Please help.

History:
I downloaded a movie, a .wmv file, which requested a license. I downloaded the license and the problem started. Symantec Antivirus said it was Backdoor.Tidserv!inf, was not able to clean it up, and hung.

Actions done
1. Disconnected from net, got Malwarebytes current from another computer, ran it. It gave

Trojan.FakeAlert,
Trojan.DNS Changer
Trojan.Agent

I got these cleaned using Malwarebytes.
2. My C and D drives won't open on double-click; got this fixed by using Autorun Eater.
3. Subsequently, I scanned my comp using

Backlight
Symantec Antivirus
SuperAntiSpyware
Spybot Search and Destroy
Spyware Guard - installed it
Spyware blaster

In safe mode using

Malwarebytes
Spybot Search and Destroy

All these I have done reading the various other topics of bleeping comp.
All of the above say there are NO PROBLEMS

Current Situation:
I have the following problems

1. My Windows Update service is running, but it is set to "Notify me and don't install"; I cannot run Windows Update.
2. Browser redirection to google.com if I go to the Windows Update URL; Event Viewer confirms this, it has a failure message.
3. Cannot go to the sites www.malwarebytes.org or the Spybot site.
4. Cannot create a System Restore Point; a "reboot and try again" message appears.
5. I cannot format the machine due to official reasons.
6. I cannot start Windows defragmentation.

7. Otherwise it is not slow and is working perfectly; other sites open.
8. I installed Comodo Firewall, don't know if the settings are right though.

So I am worried about what if something big happens, like ID theft, somebody hijacking my comp via the backdoors, etc.

Any help would really be appreciated.

Edited by sunfrog, 29 January 2009 - 06:31 AM.



#2 Orange Blossom (OBleepin Investigator; Moderator, 36,804 posts; Location: Bloomington, IN)

Posted 01 February 2009 - 02:08 AM

Moving from HiJack This forum to Am I Infected as there are no logs. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 sunfrog (Topic Starter; Members, 2 posts)

Posted 02 February 2009 - 05:17 AM

Hi,
I could cure the problem:

The infections were
a. Packed.Generic.200
b. Bid.Tidinf!serv
c. Two back door registry keys
d. Dns changer

Following are the steps:
1. Got all Windows updates from another machine, downloaded all updates except SP3 and ran them.
2. Disabled System Restore, as Packed.Generic was coming from there.
3. Installed IE7 but stopped using IE.
4. Flushed DNS.
5. Disabled the keys under Plug and Play in Device Manager which read as "catch me".

All these enabled System Restore and Windows Update.

The hidden registry keys serving as a backdoor could not be removed, so I changed the path to that key by altering the name. Hope that stops the intruder.

Hope this helps someone.

Edited by sunfrog, 02 February 2009 - 05:18 AM.
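A check for the symptom reported in post #1 (Windows Update redirected, www.malwarebytes.org and the Spybot site unreachable) that ties in with the "flushed DNS" step in post #3, added here as an example and not code from the thread: it scans hosts-file text for entries that override those domains. It assumes the redirection was done through the hosts file (the thread only says a DNS changer was involved), and the watched domain list and sample hosts content are constructed for the example.

```python
import ipaddress

# Assumed watch list: the sites post #1 reports as redirected or unreachable
# (Windows Update, www.malwarebytes.org, the Spybot site). Extend as needed.
WATCHED_DOMAINS = (
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "malwarebytes.org",
    "safer-networking.org",  # Spybot Search & Destroy
)

# Constructed sample hosts file, not taken from the thread. 203.0.113.5 is a
# documentation-only address standing in for an attacker-controlled host.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.5     www.update.microsoft.com windowsupdate.microsoft.com
127.0.0.1       www.malwarebytes.org
127.0.0.1\twww.safer-networking.org   # sinkholes the Spybot site
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skips comments, blanks and lines whose
    first field is not an IP address; one line may name several hosts."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def find_hijacked_entries(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip), ...] for entries overriding a watched domain or a
    subdomain: a loopback address blocks the site, any other address redirects it."""
    hits = []
    for ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((name, ip))
    return hits

if __name__ == "__main__":
    # Windows keeps the live file at %SystemRoot%\System32\drivers\etc\hosts.
    for name, ip in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip}")
```

Any hit is worth investigating, since a clean hosts file on a home machine normally maps only localhost; the same scan can be pointed at the live file by reading its contents into `find_hijacked_entries`.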