
TDSSserv


  • This topic is locked
2 replies to this topic

#1 bedges

Posted 06 February 2009 - 12:36 PM

Windows XP pro.

I ran an AVG scan this morning for the first time in a few weeks and appear to have picked up this rather persistent fellow. I've run Malwarebytes' Anti-Malware (which finds nothing) and AVG scans now come up clear. I've cleared all the temp folders with ATF Cleaner, and run a few OTScans - when it hits the command line part AVG fires off a warning about trdqyokv.dll in the Local Settings/Temp/ folder, only the folder seems to be empty.

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpqxt.sys"
"TDSSl"="\systemroot\system32\TDSSoeqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvn.dat"
"tdssmain"="\systemroot\system32\TDSSnrse.dll"
"tdsslog"="\systemroot\system32\TDSSliqp.dll"
"tdssadw"="\systemroot\system32\TDSScfou.dll"
"tdssinit"="\systemroot\system32\TDSSfpmp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsbhc.dll"
"tdsserrors"="\systemroot\system32\TDSSthym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpqxt.sys"
"TDSSl"="\systemroot\system32\TDSSoeqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvn.dat"
"tdssmain"="\systemroot\system32\TDSSnrse.dll"
"tdsslog"="\systemroot\system32\TDSSliqp.dll"
"tdssadw"="\systemroot\system32\TDSScfou.dll"
"tdssinit"="\systemroot\system32\TDSSfpmp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsbhc.dll"
"tdsserrors"="\systemroot\system32\TDSSthym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully

I've had a look at the registry and sure enough the TDSSserv entries are there.

Any help getting rid of this would be greatly appreciated. Thanks in advance.
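Added example, not part of the original post: a small Python parser for the CatchMe hidden-services output shown above. It pairs each hidden service key with its modules subkey and reports the driver start settings and every file the entry references. The function names are hypothetical, and the value-line grammar is inferred only from the lines in this log.

```python
import re
# Excerpt of the CatchMe output posted above, embedded so the block runs offline.
SAMPLE_LOG = r'''scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpqxt.sys"
"tdssmain"="\systemroot\system32\TDSSnrse.dll"
scanning hidden registry entries ...
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(?:(dword):([0-9a-fA-F]{8})|(?:str\(\d+\):)?"(.*)")$')

def parse_hidden_services(log_text):
    """Map each registry key in the hidden-services section to its values."""
    keys, current, in_section = {}, None, False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("scanning "):          # section banner
            in_section = line.startswith("scanning hidden services")
            current = None
        elif in_section and (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif in_section and current is not None and (m := VAL_RE.match(line)):
            current[m.group(1).lower()] = int(m.group(3), 16) if m.group(2) else m.group(4)
    return keys

def summarize(keys):
    """One finding per service key: start settings plus every file it references."""
    findings = []
    for key, vals in keys.items():
        if key.lower().endswith("\\modules"):
            continue
        modules = keys.get(key + "\\modules", {})
        paths = [vals.get("imagepath"), *modules.values()]
        findings.append({
            "key": key,
            "kernel_driver": vals.get("type") == 1,  # SERVICE_KERNEL_DRIVER
            "system_start": vals.get("start") == 1,  # SERVICE_SYSTEM_START
            "files": sorted({p for p in paths if isinstance(p, str)}),
        })
    return findings

if __name__ == "__main__":
    for f in summarize(parse_hidden_services(SAMPLE_LOG)):
        print(f)
```

Run over the full log, the same functions return one finding per control set, which makes it easy to confirm that CurrentControlSet and ControlSet003 reference the same set of files.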



#2 Blade81

Posted 13 February 2009 - 06:56 PM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, please do the following steps:

Download and install TrendMicro HijackThis
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Posted 20 February 2009 - 03:43 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





