Win32.TDSS.rtk and Win32.Bredolab.b

hello again

The avast antivirus is still disabled
The logon screen still includes the admin logon icon
r2

I did not have an internet connection in normal mode.
I am now in safe mode with networking and I am scanning w/Avast
R2
 
avast ye mateys

OK, post back avast log when ready.

The avast program took a very long time to run
I still do not have internet access or avast in normal mode
8/14/2009 8:21:32 AM Russell Radcliffe 236 Error in aswChestC: chestOpenList Error 1753.
8/14/2009 8:21:32 AM Russell Radcliffe 236 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.
8/14/2009 8:21:36 AM Russell Radcliffe 236 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
8/15/2009 9:30:12 AM Russell Radcliffe 1040 Internal error has occurred in module aswar scan function failed!, function 00000002.
8/15/2009 5:24:42 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:14 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:17 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:22 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:25 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:27 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:32 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:41 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:46 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:51 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:54 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:56 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:25:58 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:26:06 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:26:08 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:26:12 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:26:20 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.
8/15/2009 5:26:25 PM Russell Radcliffe 976 Error in aswChestC: chestAddFile Error 1753.

8/15/2009 10:01:33 AM Russell Radcliffe 1040 Sign of "WMA:Wimad [Drp]" has been found in "C:\Documents and Settings\Russell Radcliffe\My Documents\Danny\du hast.wma" file.
8/15/2009 10:07:20 AM Russell Radcliffe 1040 Sign of "WMA:Wimad [Drp]" has been found in "C:\Documents and Settings\Russell Radcliffe\My Documents\Danny\Lily Allen -Fuck You Very Much(1).wma" file.
8/15/2009 10:07:21 AM Russell Radcliffe 1040 Sign of "WMA:Wimad [Drp]" has been found in "C:\Documents and Settings\Russell Radcliffe\My Documents\Danny\lily alllen fuck you(1).wma" file.
8/15/2009 10:10:41 AM Russell Radcliffe 1040 Sign of "WMA:Wimad [Drp]" has been found in "C:\Documents and Settings\Russell Radcliffe\My Documents\Danny\panis switch silversun pickups.wma" file.
8/15/2009 5:22:57 PM Russell Radcliffe 976 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1\A0000218.exe" file.
8/15/2009 5:59:24 PM Russell Radcliffe 976 Sign of "Win32:SdBot-gen44 [Trj]" has been found in "C:\WINDOWS\Debug\DCPROMO.LOG" file.
8/15/2009 7:04:39 PM Russell Radcliffe 892 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
 
microsoft

Yes that worked, I now have an internet connection in normal mode but the avast antivirus is still disabled
r2

I have contacted Microsoft with a description of the current problems and copies of all the logs that I have sent you. Microsoft collected what appears to be a large amount of system info. Response time is one business day.
Later
r2
 
internet

Good :)

Keep me informed.

The internet keeps going away in normal mode, with the diagnostic saying that it will not work in SAFE MODE.
I rebooted the cable modem twice before the internet came back in normal mode.
I always have internet on my other computer thru the wireless router and also on this one in safe mode w/networking.
Not a problem at this time, as I am staying in safe mode on the problem computer and using the other computer for internet action. I was able to remove a similar security malware thru spybot but I did have to reinstall mcafee.
Some years ago, when I had access to IT thru my work, something similar happened and I think that IT had to reinstall Windows.
Later
R2
 
microsoft

Here is the response from MS. I am proceeding
R2
This issue may also be caused by one of the following factors:



1. The system is infected by viruses.

2. There are conflicting third party security programs running on the system.



We will address some of the more common causes of this issue. It is important that we attempt to connect to the Windows Update web site after each step to confirm whether the resolution has worked. This will prevent us from having to proceed with additional troubleshooting steps and provide us with valuable feedback to further develop our support resolutions for you and our future customers. Your assistance is greatly appreciated.



Step 1: Scan for Viruses

===================

1. Please open Internet Explorer and visit http://safety.live.com .

2. Please click "Full Service Scan" button and follow the instructions on screen to scan for viruses on your computer.

3. When the scan is finished, please restart your computer.





Step 2: Remove Trojans or viruses via Malwarebytes' Anti-Malware

==================================================

1. Download freeware Anti-Malware Remover (Free Version) from



http://www.malwarebytes.org/mbam.php



Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.



2. After downloading it, please double-click the downloaded file to install it.

3. After installing it, please launch it to scan and remove Trojans or viruses.

4. After it has finished, restart the computer and check whether the issue persists.



Now try Windows Update to see if the issue has been resolved. Please let us know if this step has resolved it. If not, please proceed to the next step.



Step 3: Uninstall security programs

==========================

Temporarily uninstall all the security programs such as Norton from the system to check this issue. To remove the third party applications from the computer, please follow the steps below:



1. Click "Start" and double click on "Control Panel".

2. Double click "Add or Remove Programs".

3. Look in the list for any third party Antivirus and Firewall applications such as Norton, AVG, Zone Alarm, Trend Micro, Panda Software, etc. and remove them one by one. Please understand that we are removing these programs only for the purpose of troubleshooting and we can reinstall these programs after we finish.



Now try Windows Update to see if the issue has been resolved. Please let us know if this step has resolved it. If not, please proceed to the next step.



After that, please access the Windows Update website to check this issue. If the problem still exists, please help to collect the following information for my further research:



How to collect System Information:

===========================

1. Click "Start", go to "Run", type in "MSINFO32" (without quotations) and press "Enter" to start System Information.

2. On the "System Information" window, on the menu bar, click "File", and click "Save as"; save it as an NFO file, such as "system.nfo" to your local Desktop.

3. Locate the file, right-click on it, click "Send To", and click "Compressed (zipped) Folder".
 
I highly doubt that it would be due to malware. A more possible explanation is that either McAfee didn't get removed fully or that Windows is corrupted.
 
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 