Search:

Ok, thanks you for your help. I will contact the PC Tools folk and ask them about the false positive. They took my money for the software, lets see how much help I get. Again, thank you.

Okay, Updated Java nad removed old versions. n the Virustotal scan, the web page show the results but there is no send option. I used File > send > page via email, to get the output emailed to me,...

Here is dds.txt, attached.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Run by Admiral Turron at 10:43:54 on 2012-01-21...

Hi,

I have removed all of the tools from my PC. But when I run a full scan with my anti-virus software it still finds a high risk threat called "Rootkit TDSS.v2".

Do you think it is a problem...

All is working well and I have deleted the directory. Should I now delete all the things I downloaded to my desktop? I will also turn on my anti-virus software "PC Tools Spyware Doctor with...

Yes, my computer is running faster. The results of the online scan...

C:\Documents and Settings\All Users\Application Data\rrexvahnjbxu\spoof.avi Win32/Agent.SWD trojan

Ok, here is the log. Re-booted system.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.03

Windows XP Service Pack 3 x86 NTFS
Internet...

This is my personal PC at home. I use it sometimes to work from home via VPN. As for c:\program files\winternals\recovery manager, this was installed a long time ago, maybe years. I don't remember...

Here is CKFiles.txt..

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe
c:\program...

Here is the combofix.txt

ComboFix 12-01-18.04 - Admiral Turron 01/18/2012 19:54:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1264 [GMT -5:00]
Running from:...

Here is part 2....


19:00:27.0882 5776 Scan finished
19:00:27.0882 5776 ============================================================
19:00:27.0897 4668 Detected object count: 1
19:00:27.0897...

hi,
There was no cure option. Only Skip, Copy to quarantine, and delete. I clicked continue and it finished. here is part 1 of the log (to long for one post).

18:59:40.0600 3012 TDSS rootkit...

Hi,

Here is the log..

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 18:42:50
-----------------------------
18:42:50.632 OS Version: Windows 5.1.2600...

Hi,
My anti-virus software keeps finding Rootkit.TDSS.v2 and deleting is over ond over and over. The only way I am able to get on the internet is the disable all of the startup items. I can not even...

pskelley,

Thanks very much for your help.

It appears to have fixed the problem. Here are the new report.txt and HJT log.

SDFix: Version 1.136

Run by Everon on Mon 02/04/2008 at 01:24 PM

Microsoft Windows XP [Version 5.1.2600]
...

OK, I emptied the Recycle Bin and did what you said.

SmitFraudFix v2.280

Scan done at 11:30:27.22, Mon 02/04/2008
Run from C:\Documents and Settings\Everon\Desktop\SmitfraudFix
OS: Microsoft...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 4:17:48 PM
Operating System: Microsoft Windows XP...

I have run Spybot and Kaspersky. But I still get the red screen of death (desktop). Thank you for your help.

Here is the HJT log. Next post Kaspersky.log.

Logfile of Trend Micro HijackThis...

Yes, my account has administrative rights. A virusscan found nothing.

Thanks Again.

All of this was done in my account. Will the Administrator account also be free of the nasties?

Thanks Again.

Hi,
The PC is running faster now and IE seems to be working but have not yet connected the PC to the internet yet. I will do so now and then get MS updates.

Thank You, Thank You, Thank You....

The HJT file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:41 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot...

Hi, The DrWeb.csv file..

AP2.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp;VBS.Psyme.239;Deleted.;
AP54.exe;C:\Documents and...

Hi, Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:22 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
...

Hi Again,

I think I found a way to recover without ending ComboFix. Here is the log.

ComboFix 07-12-15.1 - cmeadows 2007-12-17 8:53:57.9 - NTFSx86
Running from: C:\Documents and...

Hi,

I did as you said. It appears hung again at "Deleting Files/Folders". Does the desktop (explorer), go away when ComboFix is running?

Hi Mr_JAk3,

I was finally able to run ComboFix successfully "in normal mode" by using msconfig to disable all startup programs. Log is below.

ComboFix 07-12-15.1 - cmeadows 2007-12-16...

Hi,

I ran it again in safe mode. This time I was able to see a message that said something about "not being able to access a file because it was being used by another process", just before the...

Thanks for helping,

Combofix has been at the "Deleting Files/Folders:" message
for over 15 minutes with no disk activity. The system
does not respond to anything and the desktop items are
all...

I have clean up most of the viruses that McAfee and Spybot
found on one of my computers but the perfc000.dat keeps poping up and being deleted every few seconds by McAfee.
I can not run Kaspersky...