
Backdoor.TDSS.565 [Moved]


5 replies to this topic

#1 h3x

h3x

  • Members
  • 4 posts

Posted 13 December 2009 - 08:47 PM

I did all the steps kris_h did (http://www.bleepingcomputer.com/forums/topic275086.html) and even ran ComboFix without permission. No matter what I do, I still have the trojan Backdoor.TDSS.565; it modifies my atapi.sys and all the programs and processes, and it also creates a virtual (non-accessible) file to download all the updates!!

:S

Can somebody please help me with this???



#2 h3x

h3x
  • Topic Starter

  • Members
  • 4 posts

Posted 13 December 2009 - 09:20 PM

Pleaseee?

No one?

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 13 December 2009 - 09:43 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,219 posts
  • Gender:Male
  • Location:NJ USA

Posted 13 December 2009 - 09:59 PM

Wow, having dangerously followed a fix for someone else's PC, we don't know what wrong things you may have removed. The safest way now is to post a proper log and see if it can be found.
You will need to run HJT/DDS.
Please follow this guide: go and do steps 6 thru 8 of the Preparation Guide For Use Before Using HijackThis. Then go here, HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 h3x

h3x
  • Topic Starter

  • Members
  • 4 posts

Posted 15 December 2009 - 10:13 PM

Sorry for the delay, the trj had me offline!!!

It also does not let me use RootRepeal; it gives me an error msg:
23:15:54: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000128)
23:15:54: DeviceIoControl Error! Error Code = 0x1e7
23:15:54: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000128)



... And DDS says it will not run in DOS mode :thumbsup:


I'm getting crazyyyyy, the trj keeps uploading new updates every 5 minutes and deactivates my firewall!!

Edited by h3x, 15 December 2009 - 10:17 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,219 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 December 2009 - 10:32 AM

Well we are infected..
If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop-down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.



