Win32.TDSS.reg help



Camaro
2009-07-04, 06:26
Spybot S&D detected Win32.TDSS.reg on my machine (Windows XP SP3) but it won't/can't remove it. I read this http://forums.spybot.info/showthread.php?t=49714 but I'm not very computer savvy and really don't understand it and I'm scared I might screw something up. Will the next update automatically remove it or am I going to have to bite the bullet and try to do it on my own? Also, when I right-click anything, it tries to re-install or modify Symantec AntiVirus even though it's already installed and working fine (to my knowledge); is that a trait of this bug? Thanks in advance for help.

Camaro
2009-07-04, 06:47
Also, I just read the page about copying to clipboard. When I run Spybot S&D it detects 3 entries under Win32.TDSS:

Win32.TDSS.reg: [SBI $48FC2A86] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthahkyuydoecvjwjnawvlaehlmqptpeplp

Win32.TDSS.reg: [SBI $C32F149F] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ovfsthahkyuydoecvjwjnawvlaehlmqptpeplp

Win32.TDSS.reg: [SBI $0CB10357] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ovfsthahkyuydoecvjwjnawvlaehlmqptpeplp


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Matt
2009-07-04, 14:05
Hi Camaro,

:welcome: to Safer Networking Forums.

You can try to run Spybot in safe mode (http://www.pchell.com/support/safemode.shtml), it may help you. If not:

Please read the thread "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) and follow the instructions there. After that, you can open your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where an analyst will help you as soon as possible. ;)

Happy safe surfing for the future! :bigthumb: