I hope this tells you more than it tells me!! Again, thank you for your help. V
Hi Val,
Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. These kinds of malware are very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms, and they steal sensitive information like passwords and personal and financial data, which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide the new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps.
Please read the following for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do
Although the TDSS infection can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that if this type of malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?
Note: Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help.
Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post. If you decide you want to try and clean your PC then please continue with the following instructions:
Please double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
- Click the Scan button to start scan.
- When the scan finishes, press the Fix button. Once the Fix is done, press the Save Log button and save the log to your desktop. You need to reboot your computer when it's done before you do anything else, then post the log that will be on your desktop.
-- WTT Classroom Graduate --
-- ASAP Member --
-- UNITE Trained Eliminator --
Thank you for all of the information. Looks like I've got trouble on my hands.
I will take your advice and change all of my passwords and alert all financial institutes.
How did the "backdoor" hacker get access and how can I prevent it from happening again, whether I clean this computer or get a new one?
I have Sophos Anti-Virus on and it runs daily.
I brought home my work laptop and hooked up to my home wireless. It started acting similarly, redirecting my searches on the internet and booting me off. My son complains of the same thing when he visits and uses his computer.
Makes me think my problem may start with my internet provider. My system is secured.
I'd like to backup some of my files before I wipe out my OS and Windows. Will the virus follow my files to a jumpdrive?
After I save a few files, I think I'd like to go ahead and try cleaning the system. I don't have anything to lose. However, I do worry about trusting this computer again with secure information.
Thanks for your time,
Val
Hi Val,
How did the "backdoor" hacker get access and how can I prevent it from happening again, whether I clean this computer or get a new one?
Here's a good read on how to prevent infections:
How did I get infected in the first place?
I'd like to backup some of my files before I wipe out my OS and Windows. Will the virus follow my files to a jumpdrive?
It depends on which files, but it is possible. If you back up your documents, pictures, spreadsheets, etc. it will be ok. In any case, if you want to give it a try and clean the machine, I would recommend that you do the backup once we finish.
After I save a few files, I think I'd like to go ahead and try cleaning the system. I don't have anything to lose. However, I do worry about trusting this computer again with secure information.
When you feel ready to start, please create a new restore point and then go ahead with the instructions from my previous post (aswMBR).
To create a new restore point:
- Click Start
- Right click on My Computer
- Select Properties
- From the tasks pane on the left, click System Protection
- Select a disk (place check mark in box if it is not already checked) from the list, usually C:, and click on the Create button.
- Type a name to describe this restore point (ex. "Before malware removal")
- Click Create button
- When finished, Windows opens a window stating that the restore point was created successfully.
-- WTT Classroom Graduate --
-- ASAP Member --
-- UNITE Trained Eliminator --
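The two procedures in the post above, creating a restore point before running aswMBR and taking a backup that does not carry anything executable onto the jump drive, as one added PowerShell example. This is not part of the forum thread or of any tool mentioned in it. Assumptions: Windows 7 or later with PowerShell 3+, run "as administrator", the system drive is C:, the jump drive is E:, and the allowlist of document and media extensions is an illustrative choice, not a list from the page.

```powershell
# Added example (not part of the forum thread). Assumptions: Windows 7 or later,
# PowerShell 3+, run "as administrator", system drive C:, removable drive E:.

# ---- 1. Restore point before running the cleanup tool ----------------------
function New-CleanupRestorePoint {
    param([string]$Description = "Before malware removal")

    # Checkpoint-Computer fails if System Restore is off for the system drive.
    Enable-ComputerRestore -Drive "C:\"

    # Caveat: Windows 8 and later silently skip the request if a restore point
    # was created in the previous 24 hours. A creation frequency of 0 lifts that.
    $key = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
    Set-ItemProperty -Path $key -Name SystemRestorePointCreationFrequency -Value 0 -Type DWord

    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # Verify rather than trust the cmdlet's silence: the newest point must be ours.
    $latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
    if (-not $latest -or $latest.Description -ne $Description) {
        throw "Restore point '$Description' was not created"
    }
    return $latest
}

# ---- 2. Backup that copies documents and media only ------------------------
# Allowlist, not blocklist: anything Windows can execute, or that can carry a
# macro or script (.exe .scr .lnk .bat .vbs .js .doc .xls .docm ...), is not on it.
# (Illustrative list; extend it for your own file types.)
$AllowedExtensions = '.docx', '.xlsx', '.pptx', '.pdf', '.txt', '.csv',
                     '.jpg', '.jpeg', '.png', '.gif', '.mp3', '.mp4'

function Copy-DocumentsOnly {
    param(
        [string]$Source      = $env:USERPROFILE,
        [string]$Destination = 'E:\Backup'
    )
    $copied  = New-Object System.Collections.Generic.List[string]
    $skipped = @{}   # extension -> count, so what was left behind can be reviewed

    # -Force enumerates hidden/system files too, so dropping them is an explicit decision.
    Get-ChildItem -LiteralPath $Source -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ext = $_.Extension.ToLowerInvariant()
        if ($ext -eq '') { $ext = '(no extension)' }
        $hiddenOrSystem = ($_.Attributes -band ([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)) -ne 0

        if ($hiddenOrSystem -or ($AllowedExtensions -notcontains $ext)) {
            $label = if ($hiddenOrSystem) { 'hidden/system' } else { $ext }
            $skipped[$label] = 1 + [int]$skipped[$label]
            return   # skip this file, continue with the next one
        }

        # Preserve the folder layout under the destination.
        $relative = $_.FullName.Substring($Source.TrimEnd('\').Length).TrimStart('\')
        $target   = Join-Path $Destination $relative
        New-Item -ItemType Directory -Path (Split-Path -Parent $target) -Force | Out-Null
        Copy-Item -LiteralPath $_.FullName -Destination $target -Force
        $copied.Add($relative)
    }

    # Summary: how many files went to the drive and which kinds were held back.
    [pscustomobject]@{ Copied = $copied.Count; Skipped = $skipped }
}

New-CleanupRestorePoint
Copy-DocumentsOnly
```

The restore point is created first so the cleanup tool has something to roll back to; the backup runs afterwards, as the post recommends. The allowlist deliberately omits the old binary Office formats (.doc, .xls) and the macro-enabled ones (.docm, .xlsm) because they can carry macros, whereas .docx and .xlsx cannot. Review the Skipped table before wiping the drive so nothing you needed was silently left out, and scan the jump drive from a clean machine before opening anything on it.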
Thank you for the advice. I have been resetting passwords,etc. I plan to follow your directions and clean my machine this weekend. I will be in touch.
Val
Remember to create a restore point before starting with aswMBR.
-- WTT Classroom Graduate --
-- ASAP Member --
-- UNITE Trained Eliminator --
Thank you for your advice. I will be out of town for the next two weeks on business and will not have time to work on my computer. If I need further assistance I will begin a new post to you. Thank you.