Help needed with UACd / WINTDSS trojan

I uploaded the mastask.exe file to virustotal as suggested and it reported it as OK (0/39)

I will now run gmer to see if there are any options to delete the registry entries

Paul
 
Further to my earlier post I have had a look at gmer

If I go to the registry tab and drill down to the UACD.sys folder in services in the relevant control set, the right-click option only allows you to MODIFY the value data for that registry entry. There is no delete option I can see.

Paul
 
OK, thanks for the info. No luck with Gmer, I see. Are you willing to leave the registry entries? The associated files with the rootkit seem to have been removed. I don't know how they could be removed short of doing a reformat/re-install of W2k.
 
Thanks

If your advice is that these registry entries are benign or harmless, then I have no problem leaving them there.

Paul
 
hi PaulDSC,

Yes, with the core files removed the registry leftovers are harmless. You can delete the Gmer icon and remove ComboFix like this:
Start>run and type in: combofix /u
click OK or enter
Note: there is a space after the x and before the /
Always check Malwarebytes for updates before a scan.
And last, some tips for reducing your risk to malware:

10 Tips for Reducing Your Risk To Malware:


1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you're then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop-ups or offers from websites requesting that you install software, media players or codecs on your computer, for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. All browsers can have vulnerabilities but statistically it is the most commonly used browser that will be targeted the most. See also: Hardening or Securing Internet Explorer.

10) Warez, cracks etc. are very popular for carrying malware payloads. Avoid them. If you install files via P2P networks then you are much more likely to encounter malicious code. Do you trust the source of the file? Do you really need another potential malware source?

A longer version in link below.

Happy Safe Surfing.
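The advice above rests on one check: a leftover service entry (such as the UACd entry under Services in the control set) is harmless once the file its ImagePath points to is gone, because the service cannot load. The following script is an added example, not code from this thread or from any of the tools mentioned in it, and it assumes a current Windows with PowerShell (the Windows 2000 machine in the thread predates PowerShell). It walks every service key, resolves the ImagePath the way the service loader would (kernel-style `\SystemRoot\` and `\??\` prefixes, bare `system32\` paths, quoted paths with arguments), and reports entries whose binary no longer exists. It is read-only unless `-Remove` is given, and then still asks for confirmation per key.

```powershell
# Added example (not from the thread): find service/driver registry entries whose
# ImagePath file no longer exists. Run from an elevated 64-bit PowerShell prompt.
param(
    [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services',
    [switch]$Remove   # delete orphaned keys (with per-key confirmation) instead of only listing them
)

function Resolve-ImagePath {
    # Turn the raw ImagePath value into an absolute file path (hypothetical helper).
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        # Quoted path: take what is inside the quotes, drop the arguments after them
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted path: drop arguments such as "-k netsvcs" or "/service"
        $p = ($p -split ' (?=[-/])', 2)[0]
    }
    # Prefixes used by kernel drivers and some services
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\... -> C:\...
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... or SystemRoot\...
    if ($p -notmatch '^[A-Za-z]:\\') {
        # Bare relative path, e.g. system32\drivers\foo.sys, is relative to the Windows directory
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedService {
    # Emit one object per service key whose ImagePath points at a missing file.
    param([string]$Key)
    Get-ChildItem -Path $Key -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }   # no ImagePath: nothing to check
        $file = Resolve-ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $props.ImagePath
                Resolved  = $file
                Start     = $props.Start     # 0=boot 1=system 2=auto 3=manual 4=disabled
                KeyPath   = $_.PSPath
            }
        }
    }
}

$orphans = @(Get-OrphanedService -Key $ServicesKey)
if ($orphans.Count -eq 0) {
    Write-Host "No service entries with a missing ImagePath file under $ServicesKey"
} else {
    $orphans | Format-Table Service, Start, ImagePath, Resolved -AutoSize
    if ($Remove) {
        foreach ($o in $orphans) {
            # -Confirm prompts for each key; -Recurse is needed because service keys have subkeys
            Remove-Item -Path $o.KeyPath -Recurse -Confirm
        }
    }
}
```

Two caveats when reading the output. A missing file is what makes the leftover inert, so an entry whose file is still present belongs in the "investigate" pile, not the "harmless" one; and on 64-bit Windows a 32-bit PowerShell session sees `system32` redirected to `SysWOW64`, so run the 64-bit shell or driver paths will be reported as missing when they are not. Exporting the key (`reg export`) before using `-Remove` keeps an easy way back if a boot-start driver entry turns out to be needed.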
 