Backdoor.Tidserv!inf removal in process,need additional help

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by Happykat22 » April 9th, 2009, 2:16 am

VirSCAN log

----------------------------------






File information
File Name : atisvc_umagod(2).exe
File Size : 395914 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 9eb13773ff3db30a7570b57a9ebeefc5
SHA1 : 0dd76f72b048add2f477d7570c7e51576bedc1fc

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/04/07 19:10:51 (CDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090408050206 | 2009-04-08 | - | 1.980
AhnLab V3 | 2009.04.07.01 | 2009.04.07 | 2009-04-07 | - | 0.611
AntiVir | 7.9.0.138 | 7.1.3.27 | 2009-04-07 | - | 1.968
Antiy | 2.0.18 | 20090407.2283465 | 2009-04-07 | - | 0.120
Authentium | 5.1.1 | 200904071727 | 2009-04-07 | - | 1.869
AVAST! | 3.0.1 | 090407-0 | 2009-04-07 | - | 0.026
AVG | 7.5.52.442 | 270.11.46/2046 | 2009-04-07 | - | 2.022
BitDefender | 7.81008.2834189 | 7.24662 | 2009-04-08 | - | 2.640
CA (VET) | 9.0.0.143 | 31.6.6442 | 2009-04-07 | - | 4.462
ClamAV | 0.95 | 9210 | 2009-04-07 | - | 0.070
Comodo | 3.8 | 1102 | 2009-04-07 | - | 0.576
CP Secure | 1.1.0.715 | 2009.04.08 | 2009-04-08 | - | 8.011
Dr.Web | 4.44.0.9170 | 2009.04.07 | 2009-04-07 | - | 4.443
F-Prot | 4.4.4.56 | 20090407 | 2009-04-07 | - | 2.150
F-Secure | 5.51.6100 | 2009.04.08.01 | 2009-04-08 | - | 5.143
Fortinet | 2.81-3.117 | 10.258 | 2009-04-07 | - | 0.209
GData | 19.4466/19.292 | 20090408 | 2009-04-08 | - | 3.492
Ikarus | T3.1.01.49 | 2009.04.07.72541 | 2009-04-07 | - | 3.183
JiangMin | 11.0.706 | 2009.04.07 | 2009-04-07 | - | 1.835
Kaspersky | 5.5.10 | 2009.04.07 | 2009-04-07 | - | 0.071
KingSoft | 2009.2.5.15 | 2009.4.7.21 | 2009-04-07 | - | 0.579
McAfee | 5.3.00 | 5577 | 2009-04-07 | - | 2.827
Microsoft | 1.4502 | 2009.04.07 | 2009-04-07 | - | 5.023
mks_vir | 2.01 | 2009.04.07 | 2009-04-07 | - | 2.776
Norman | 6.00.06 | 6.00.00 | 2009-04-03 | - | 10.011
nProtect | 20090407.03 | 3428322 | 2009-04-07 | - | 4.318
Panda | 9.05.01 | 2009.04.06 | 2009-04-06 | - | 1.988
Quick Heal | 10.00 | 2009.04.07 | 2009-04-07 | - | 1.255
Rising | 20.0 | 21.23.40.00 | 2009-04-03 | - | 1.109
Sophos | 2.85.0 | 4.40 | 2009-04-08 | - | 2.147
Sunbelt | 5079 | 5079 | 2009-04-06 | - | 1.080
Symantec | 1.3.0.24 | 20090407.003 | 2009-04-07 | - | 0.058
The Hacker | 6.3.4.0 | v00303 | 2009-04-06 | - | 0.570
Trend Micro | 8.700-1004 | 5.944.02 | 2009-04-03 | - | 0.028
VBA32 | 3.12.10.2 | 20090406.1414 | 2009-04-06 | - | 2.588
ViRobot | 20090406 | 2009.04.06 | 2009-04-06 | - | 0.398
VirusBuster | 4.5.11.10 | 10.102.36/1220037 | 2009-04-07 | - | 1.605
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

------------------------------

Kaspersky scan log

-----------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, April 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, April 09, 2009 02:26:26
Records in database: 2024671
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 172644
Threat name: 4
Infected objects: 3
Suspicious objects: 1
Duration of the scan: 04:27:43


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40002.VBN Infected: Trojan-Clicker.MSIL.Xone.bo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F00000\49F26A8F.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80002.VBN Suspicious: Trojan.Win32.Patched.dy 1
G:\INSTALLS\Google Earth Pro v4.1.7087 WinAll Incl Patch-DEC0DE\Google Earth Pro v4.1.7087 WinAll Incl Patch-DEC0DE.rar Infected: Backdoor.Win32.SdBot.fgl 1

The selected area was scanned.
Happykat22
Regular Member
 
Posts: 19
Joined: February 20th, 2009, 9:11 pm

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by Happykat22 » April 9th, 2009, 2:19 am

It took me seven posts... to be able to fit all of the scan logged information that you requested in your last response to me. In case you only see that last post...this is to let you know that this is the tail end of eight.

:)

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by jmw3 » April 9th, 2009, 8:11 am

Hi

Logs look good.

Delete everything from Symantec AntiVirus' Quarantine.
Delete the following as it's infected:
G:\INSTALLS\Google Earth Pro v4.1.7087 WinAll Incl Patch-DEC0DE

How's the computer running? Any problems?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by Happykat22 » April 13th, 2009, 9:48 pm

Looking great...but ! :)


I went to Delete everything from Symantec AntiVirus' Quarantine, but found nothing in there to delete.

I deleted this Google Earth program setup. ------->G:\INSTALLS\Google Earth Pro v4.1.7087 WinAll Incl Patch-DEC0DE

My computer seems to be running okay, except that I can no longer run Explorer on it. I think that the initial virus screwed around with my Administrator settings. Not sure. I was getting error messages telling me that the computer had shut down Explorer before it could do any damage. Now when I click on explorer in my task bar or the programs menu...nothing happens at all.

Thank you so much by the way for all of your help so far. I would like to make a donation...what is a suitable amount ?

:))

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by jmw3 » April 14th, 2009, 1:53 am

Hi Happykat22

Do you mean Internet Explorer?? or Explorer, which controls your desktop, My Computer etc.
"I would like to make a donation...what is a suitable amount ?"
Thank you... the site appreciates all donations, but I'll leave the amount up to you :)

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by Happykat22 » April 14th, 2009, 10:08 pm

I mean Internet Explorer. I uninstalled it and it appears that I have an earlier version of it on my computer that is working....kind of. It is glitchy and crashes, stalls or ceases my computer...but works.

My computer and my control panel when I click on the links...a window opens, but it is empty. So there are some things that seem to have been mucked up a bit from this virus.

It isn't always like this...sometimes it works fine...but it is very glitchy and far less stable.

:)

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by jmw3 » April 15th, 2009, 6:19 am

Hi
When you open Control Panel, do you get an error message, or is it just blank?
I see you're using Symantec AntiVirus. Symantec products have been known to cause this issue with blank Control Panel window. You could try uninstalling Symantec AV.
To do this:
Click Start>>Run>>appwiz.cpl
Click OK

The Add/Remove Programs Control Panel applet should come up. Uninstall Symantec AV. Once Symantec is removed try an Uninstall then Reinstall of Internet Explorer to see if that fixes the issues.

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by Happykat22 » April 18th, 2009, 5:13 pm

I get an error message that tells me that Windows has shut down Explorer in order to protect my computer.

Another interesting thing is that I have uninstalled Explorer 8 and a much older version has appeared. I went to uninstall it in the control panel as you suggested, but there is no sign of it in my system.

I restarted and got that message above...and now it will not open at all again.

Is there a way to uninstall this version if you can't see it in the control panel ?

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by jmw3 » April 19th, 2009, 1:44 am

Hi

You won't be able to uninstall that early version of Internet Explorer (I'm assuming it is IE6) as that is part of the Windows Operating System.
I see you have some toolbars installed: Google Toolbar, Yahoo Toolbar, Windows Live Toolbar
Try disabling all the Add-ons such as the ones above. If you can open Internet Explorer click Tools>Manage Add-ons>Enable or Disable Add-ons.... Ensure the drop down list is set to Add-ons currently loaded in Internet Explorer. Highlight each Add-on then in the Settings box click Disable. When finished click OK. Restart Internet Explorer & see if that makes a difference.

Re: Backdoor.Tidserv!inf removal in process,need additional help

Post by NonSuch » April 23rd, 2009, 7:05 pm

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California