|
|
|
|
|||||||
| Register | Forum Rules | Getting Started! - Guide | Blog | Videos | Gallery | Members List | Social Groups | Mark Forums Read |
 |
|
|
Thread Tools | Display Modes |
22-01-2009, 02:49 PM
|
#201 |
|
ƒ(ψ)=ΘΊΧφ
 
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87
  OS:
 |
Re: Cannot access Antivirus Sites/Google/Avast etc.
Okk ..... for the registry entries they belong to the last known good configurations and since the files are deleted, those entries won't harm.
For fixdownadup try this link : fixdownadup (from rapidshare) Also make sure your Windows is updated from automatic updates and if that remote code vulnerability doesn't fix mentioned in the other thread doesn't fix the problem, reboot and post the new combofix log file.
__________________
Please don't click here |
|
|
|
22-01-2009, 03:39 PM
|
#202 |
|
Newbie
Join Date: Jan 2009
Posts: 12
Thanks: 4
Thanked 0 Times in 0 Posts
Rep Power: 0
 OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
I'm downloading fixdownadup.exe now. The other problem is I can't get to microsoft.com either. Last time my automatic updates gives my computer an svchost.exe error ( now sometimes it comes back again ), so I've disabled my automatic updates. Is it OK to enable it now?
|
|
|
|
|
22-01-2009, 05:02 PM
|
#203 |
|
ƒ(ψ)=ΘΊΧφ
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
yes, enable Windows Update and update Windows.
|
|
|
|
|
22-01-2009, 05:34 PM
|
#204 | |
|
Newbie
Join Date: Jan 2009
Posts: 9
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
Quote:
After a reboot (required to get rid off rootkit) windows started and flagged up various messages about explorer, cmd and any other executable that was starting - something about 'bad server' (can't remember exact message but I can reproduce it if required). I installed Spybot but it won't start so I can't run any scans (it was able to update from website at install time though). I tried running the Kasperski rootkit scan again and it found the same rootkit again which is clearly not great news as it is proving rather awkward to remove. Is there anything else I can try short of rebuilding the machine? Many thanks for your assistance so far! |
|
|
|
|
|
22-01-2009, 05:57 PM
|
#205 |
|
ƒ(ψ)=ΘΊΧφ
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
What is the name of the rootkit Kaspersky finds ? Disable System Restore and run that rootkit scanner. Also run a scan using RootkitRevealer
can you post a screenshot of the error messages that you receive while running exe files ? |
|
|
|
| Thanked Users: | kenzie (23-01-2009) |
|
22-01-2009, 06:05 PM
|
#206 | |
|
Newbie
Join Date: Jan 2009
Posts: 9
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
Quote:
I'm at work at the moment but I'll do that when I get in and post the screenshot too. Cheers |
|
|
|
|
|
23-01-2009, 09:27 AM
|
#207 |
|
Newbie
Join Date: Jan 2009
Posts: 12
Thanks: 4
Thanked 0 Times in 0 Posts
Rep Power: 0
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
 bakuryu and Strider  It seems like my computer is okay now, hopefully I don't have to disturb yous guys and waste you time anymore ( for this case  ).You guys ROCK  |
|
|
|
|
23-01-2009, 06:06 PM
|
#208 | |
|
Newbie
Join Date: Jan 2009
Posts: 9
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
Quote:
Ok I've uploaded the screenshots so you can see what I'm getting. The bad image messages I'm getting seem to affect every executable at start up and any new programs run. The following executables throw up exactly the same message and in the following order: services.exe lsass.exe userinit.exe explorer.exe rundll.exe soundman.exe jusched.exe qttask.exe realsched.exe avp.exe ctfmon.exe regsvr32.exe I can see what is happening - all executables seem to be vetted by this TDSS rootkit but now that it is removed (seemingly temporarily) the referenced file throws an error. Not sure how to get rid of it though as there rookitrevealer shows these registry entires are hidden so I can't access them to delete the keys in regedit. Hope this helps... Last edited by Ardiem; 23-01-2009 at 06:17 PM.. |
|
|
|
|
|
23-01-2009, 06:20 PM
|
#209 |
|
ƒ(ψ)=ΘΊΧφ
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87
OS:
|
Re: Cannot access Antivirus Sites/Google/Avast etc.
Delete the files using Killbox (set to delete on reboot)
C:\Windows\System32\TDSScfub.dll C:\Windows\System32\drivers\TDSSserv.sys delete these registry entries : HKEY_LOCAL_MACHINE\Software\Classes\webcal\URL Protocol HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\tssdata HKEY_LOCAL_MACHINE\Software\Tdss HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T DSSserv.sys HKEY_LOCAL_MACHINE\System\ControlSet002\Services\T DSSserv.sys HKEY_LOCAL_MACHINE\System\ControlSet003\Services\T DSSserv.sys |
|
|
|
|
23-01-2009, 06:43 PM
|
#210 |
|
Newbie
Join Date: Jan 2009
Posts: 9
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
OS:
|
Ok I've run killbox and deleted those files and they seem to have gone. The only registry entry from that list that I could find was the first one - the others just weren't there or at least weren't visible.
I've found a key HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSER V.SYS I tried to delete it but won't let me: 'Error while deleting key' Same with ControlSet002 and CurrentControlSet. Last edited by bakuryu; 23-01-2009 at 07:10 PM.. |
|
|
|
|
| Tags |
| antivirus, cleanup, infection, virus, virus removal |
| Thread Tools | |
| Display Modes | |
|
|
< Home - Windows Help - MS Office Help - Hardware Support >
| New To Site? | Need Help? |
Linear Mode
