Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Programs keep crashing, not sure if it's related to previous malware removal


  • This topic is locked This topic is locked
3 replies to this topic

#1 MikeJDL

MikeJDL

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 10 April 2009 - 04:24 PM

Hey there,

So, I'm not sure what exactly my problem is. Recently I had become infected with some malware (TDSS.sys and UACd.sys) and I took measures to remove them as best as I could. Further scans don't seem to find anything else, but I can't be certain I've gotten everything as I'm still having some strange behavior.

Initially, I noticed that I had something because my google seaches were being redirected when I would click on any search result (windowsclick.com, I believe) and in investigating and trying to fix that I found the TDSS rootkit and then later UACd. Spybot S&D would catch the TDSS infections and remove them, but they would come right back after opening a new browser, so I found Malwarebytes Anti-Malware and scanned my computer and seemed to successfully remove the TDSS and windowsclick problems.

Just the other day though I got a BSOD while browsing the internet (unfortunately, I didn't get a chance to read/copy it) and ever since then programs are constantly crashing on me. Internet explorer, AIM, iTunes, windows media player, winamp, to name a few, will crash immediately after they load. Always the same programs.

So, to make sure I didn't have anything else, I also downloaded GMER and scanned with that and found UACd.sys. After some searching I found out that ComboFix could remove the UACd rootkit and so I downloaded and ran that and seemingly took care of UACd, yet my problem still persists.

My only conclusions are that either my windows installation has just become corrupt, I screwed something up in the process of removing that malware, or there's still something infecting me?

I'm running Windows XP SP3, I've got all the critical updates as far as I'm aware and I'm using Firefox to post this (as Internet Explorer just isn't able to stay running).
I run AVG 8.5 (free version), Spybot S&D, Spywareblaster and Ad-Aware (though Ad-Aware doesn't seem to ever catch anything) for security.
I apologize for the long post (or if I've omitted any obvious information you might need), but I figure it's best to be thorough in explaining my problem.

Thanks in advance for your time,

-Mike

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:05:50 PM

Posted 10 April 2009 - 07:58 PM

Usually with UAC, you're better off reinstalling the OS
Since you have done everything in your post, I'd suggest posting in our HJT forum for more in-depth help




Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 MikeJDL

MikeJDL
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 11 April 2009 - 12:06 AM

Ok, thanks very much for the response! :thumbsup:

I will go ahead and follow those instructions and then repost this in the HJT Forums.


-Mike

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:50 PM

Posted 11 April 2009 - 03:17 PM

Hello MikeJDL,

Now that you have a log posted here: http://www.bleepingcomputer.com/forums/t/218493/tdsssys-and-uacdsys/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users