I tried following the instructions given there, entering "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v in the run box and 1st I got the Security Warning 'Do I want to run this file?' I pressed run and promptly got an error box.
Valid command line parameters:
-l <file_name> (path to log file)
-qpath <folder_name> (path to quarantine folder)
-qall (copy all objects to quarantine)
-qsus (copy all suspicious items to quarantine)
-qmbr (copy all mbr to quarantine)
-qcsvc <service_name> (copy service to quarantine)
-dcsvc <service_name> (delete service)
By the looks of what I was trying to do, I would say that the first item in this list is the one that is posing a problem. Is there something wrong with that command line?
I am using Windows XP Home, v5.1 SP3, and just to add to the confusion, while I am on this site I am not getting attacked. As soon as I leave I'm being hit at least every 2 minutes.
Additional info @ 23:00. I have taken a note of the exact times, where the attacks came from, what they were attempting to access and the port number they were trying to again access through. They were all aimed at CHROME.EXE
(Why should the port numbers keep increasing? I presume the figure after the comma is a port number.)
21:40:42 li1i16b0.com (126.96.36.199,443) attacks [my computer] port 3712
21:50:42 zz87jhfda88.com (188.8.131.52,443) port 3771
22:00:42 n16fa53.com (184.108.40.206,443) port 3853
22:51:40 li1i16b0.com (220.127.116.11,443) port 4342
23:01:40 zz87jhfda88.com (18.104.22.168,443) port 4391
23:11:41 n16fa53.com (22.214.171.124,443) port 4472
And a new one
23:21:41 01n02n4cx00.cc (126.96.36.199,443) port 4509
Edited by CUJimmie, 20 August 2010 - 05:33 PM.
Moved from XP forum to Am I Infected ~ Hamluis.