Malwere hjwbxhqr



EpicXeon
2010-06-27, 13:21
Hi. I have a problem. Maybe this post will not be 100% correct. I only wanna ask something.

I got infected by:
2010/06/01_18:41 hjwbxhqr.cn/21/ 188.65.74.67 - Liberty exploit kit wang9619@163.com 42473
2010/06/01_18:41 hjwbxhqr.cn/21/admin.php 188.65.74.67 - control panel of Liberty exploit kit wang9619@163.com 42473
2010/06/01_18:41 hjwbxhqr.cn/21/download.php?expid=4&fid=1 188.65.74.67 - trojan TDSS wang9619@163.com 42473
2010/06/01_18:41 hjwbxhqr.cn/22/ 188.65.74.67 - Liberty exploit kit wang9619@163.com 42473
2010/06/01_18:41 hjwbxhqr.cn/22/admin.php 188.65.74.67 - control panel of Liberty exploit kit wang9619@163.com 42473
2010/06/01_18:41 hjwbxhqr.cn/22/download.php?expid=4&fid=1 188.65.74.67 - trojan TDSS wang9619@163.com 42473
======================================================
It connects to my PC by svchost.exe and drops 5 viruses:
Win32;Bamital-T [Drp], Win32;Trojan-gen, Win32;MalOb-Al [Cryp],
Win32;suspBehav-C [Heur], Win32;Delfcrypt-F [Drp].
I did scan with Spybot S&D and it didn't find that scvhost.exe is infected.
======================================================
http://img132.imageshack.us/img132/9162/gotya.png (http://img132.imageshack.us/i/gotya.png/)
======================================================
Please help me remove this threat.
Thank you.

ken545
2010-06-30, 13:33
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

ken545
2010-07-08, 10:16
Hi,

You're infected with the TDSS Rootkit, do you still need help?

ken545
2010-07-11, 21:45
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.