Backdoor Tdss.565 Keeps Returning
#1
Posted 10 April 2010 - 06:58
(I have the windows version and am running XP)
Thanks for any help you may be able to offer.
Maria
#2
Posted 10 April 2010 - 12:46
#3
Posted 10 April 2010 - 13:25
You can read this and this Russian forum thread; I believe these would help you too. You can use online-translator.com for translation.
#4
Posted 10 April 2010 - 19:11
I'm going to go translate the other posts now!
Thanks again
Maria.
#5
Posted 10 April 2010 - 19:26
#6
Posted 10 April 2010 - 19:40
#7
Posted 11 April 2010 - 02:49
Desktop--a mess. I have two drives on this machine, both bootable. Neither can boot to safe mode, though. Nor can they boot to an XP disk. On the other hand, the second drive is clearly not as compromised as my main drive. After running Combo Fix as someone on another site suggested in order to repair safe mode (by installing recovery console) I can no longer boot to the main drive at all: a message appears claiming that there is a problem authenticating my Windows version.
Also: TDSS Killer (Kaspersky) says that atapi.sys is infected on the laptop. The second drive (that I'm writing to you from) on the desktop shows no infection from TDSS Killer.
Two questions. 1) Is it possible that the router is infected?
2) Do you advise removing the infected drive and putting it in another machine that will boot to safe mode? Tedious, but I can do this. There are a couple of extra machines lying around.
Thanks for all your help!
Maria.
#8
Posted 11 April 2010 - 04:13
Nod32 was active but it did not detect the infection.
When this trojan started to download files from "http://lenina66.com/209.exe" and "269.exe.crypted.exe", Nod32 detected the exe files as viruses.
CureIt finds the process in memory "c:\Windows\System32\svchost.exe:1172" and eradicates it.
However, CureIt does not find the source; no infected files are found. So the process will return. Currently there is no rootkit scanner, virus scanner or other tool which detects and removes this trojan.
Tried online scanners, spyware removal progs, rootkit progs like Gmer, tdsskiller and Rootkitrevealer.
So, currently this trojan is on the loose and it seems that no detection or removal is possible. Reinstalling Vista is no use because it can be infected again very quickly without protection.
#9
Posted 11 April 2010 - 11:43
1) Is it possible that the router is infected?
Yes, it is possible the router is infected; actually, your router may be hijacked. You can try to reset your router by reading your router's manual.
2) Do you advise removing the infected drive and putting it in another machine that will boot to safe mode? Tedious, but I can do this. There are a couple of extra machines lying around.
Save this file to your desktop and run it, follow the instructions, and after that please check if you can boot in safe mode.
Tried online scanners, spyware removal progs, rootkit progs like Gmer, tdsskiller and Rootkitrevealer.
To find the source there are other tools but they are for professional use.
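An added example (not code from this thread or from any of the tools named in it) illustrating the two checks the posts above point at: post #8's observation that the trojan lives inside an svchost.exe process with no file on disk, and the advice in posts #7 and #9 to examine the infected drive from a machine that boots cleanly. The first function lists svchost.exe instances whose parent is not services.exe, which on XP/Vista is the only legitimate parent. The second hashes atapi.sys on a drive that has been mounted from a clean system and compares it with a known-good copy of the same Windows version and service pack. The drive letters and paths are assumptions; PowerShell 2.0 with WMI is assumed to be installed.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 with WMI.
# Check 1: svchost.exe instances not started by services.exe (live system).
function Get-SuspiciousSvchost {
    $servicesPids = @(Get-WmiObject Win32_Process -Filter "Name='services.exe'" |
        ForEach-Object { $_.ProcessId })
    Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
        Where-Object { $servicesPids -notcontains $_.ParentProcessId } |
        ForEach-Object {
            $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
            $parentName = '<exited>'
            if ($parent) { $parentName = $parent.Name }
            New-Object PSObject -Property @{
                Pid        = $_.ProcessId
                Path       = $_.ExecutablePath
                ParentPid  = $_.ParentProcessId
                ParentName = $parentName
            }
        }
}

# Check 2: SHA-1 of a driver file, computed with .NET so it works on PowerShell 2.0.
function Get-FileSha1 {
    param([string]$Path)
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha1.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Compare atapi.sys from the suspect drive with a clean copy. Run this with the
# suspect Windows NOT booted (drive attached to a clean machine): a kernel-mode
# rootkit can hand the original bytes to anything that reads the file on the
# live system, so a hash taken there can look clean.
$suspect = 'D:\WINDOWS\system32\drivers\atapi.sys'             # assumption: offline mount
$clean   = Join-Path $env:SystemRoot 'system32\drivers\atapi.sys'  # assumption: clean host, same SP
$suspectHash = Get-FileSha1 $suspect
$cleanHash   = Get-FileSha1 $clean
if ($suspectHash -ne $cleanHash) {
    Write-Output "atapi.sys differs from the clean copy: $suspectHash vs $cleanHash"
} else {
    Write-Output "atapi.sys matches the clean copy ($cleanHash)"
}

Get-SuspiciousSvchost | Format-Table Pid, ParentPid, ParentName, Path -AutoSize
```

A hash mismatch only means the two files differ; confirm that both machines run the same Windows version and service pack before reading it as an infection, and treat an svchost.exe with an unexpected parent or an unusual path as something to investigate, not as proof by itself.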