I think I have a problem!

Dathan Gorena · Nov 19, 2010

ok. here it is.

Risk,Action,Count,Filename,Threat Type,Original Location,Computer,User,Status,Current Location,Primary Action,Secondary Action,Logged By,Action Description,Date
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 3:48:04 PM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 2:27:12 PM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 1:28:15 PM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 12:34:21 PM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 11:27:12 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 10:27:10 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 9:27:11 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 8:27:10 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 7:48:52 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 6:28:15 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 5:28:49 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 4:27:11 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 3:27:10 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 2:27:11 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 1:27:10 AM
Backdoor.Tidserv.I!inf,Partial,3,A0018353.sys,File,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,HOME,HOME\SYSTEM,Infected,C:\System Volume Information\_restore{4CC105DB-3ECB-4181-8435-EA61CB9C5389}\RP176\,Clean security risk,Quarantine,Auto-Protect scan,Quarantine was partially successful.,11/19/2010 12:27:11 AM

ken545 · Nov 19, 2010

Hi,

Not to worry about those files, there all in your System Restore Program, lets flush it all out.

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Reboot your computer

Turn ON System Restore.

Right-click My Computer.
ClickProperties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Create a new Restore Point <-- Very Important

Go to Start> All Programs> Assesories> System Tools> System Restore and create a New Restore Point

System Restore Tutorial <-- If you need it

This should get rid of those alerts, let me know

Dathan Gorena · Nov 20, 2010

that seemed to do it! no more alerts popping up! thank you for your help. are we done?

ken545 · Nov 20, 2010

You appear to be fine, are you happy the way things are running now ?

Open OTL and click on the Cleanup feature, it will remove a lot of the programs we used while fixing your computer

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
WinPatrol Keep this fine program activated to block a lot of threats
Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

Dathan Gorena · Nov 21, 2010

ran the cleanup on OTL. yes, i am happy with the results. thank you for all your help!:rockon: at the moment i have the Symantec anti-virus protection and i guess the windows firewall. that is all i need? and then i can download these spyware detections?

ken545 · Nov 21, 2010

Yes you can download them from my links. You should only have One Anti Virus Program and One Firewall, more is over kill and can use a huge amount of system resources and cause other issues, but the spyware programs that i listed are fine to install.

If you have the full suite of Norton it will include a firewall so you can turn the windows firewall off.

Go to your control panel and look for the security center and in there you will see an option to turn it off

Take care,

Ken

ken545 · Nov 26, 2010

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

I think I have a problem!

Dathan Gorena

New member

ken545

Emeritus-Security Expert

Dathan Gorena

New member

ken545

Emeritus-Security Expert

Dathan Gorena

New member

ken545

Emeritus-Security Expert

ken545

Emeritus-Security Expert