Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

backdoor.tidserv!inf

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

mbam log 3

Unread postby kasmir » August 5th, 2010, 6:59 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4370

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

7/31/2010 6:14:20 PM
mbam-log-2010-07-31 (18-14-20).txt

Scan type: Quick scan
Objects scanned: 161430
Time elapsed: 15 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kasmir
Regular Member
 
Posts: 18
Joined: August 1st, 2010, 6:44 pm
Advertisement
Register to Remove

mbam log 4

Unread postby kasmir » August 5th, 2010, 6:59 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4378

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/1/2010 8:36:15 PM
mbam-log-2010-08-01 (20-36-15).txt

Scan type: Quick scan
Objects scanned: 162187
Time elapsed: 18 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{e2e6bddc-e10f-4ad7-8ec5-37c9d767917e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{65458d34-8093-4f35-ac92-54f6e2e2a6e8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1621826a-532d-4936-93b9-c2a09b8b7a28} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{341d880c-998a-4521-9ded-46f368dd8bc4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3eff6ea-62b1-4194-b377-6f5e4c44ff35} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejctp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
kasmir
Regular Member
 
Posts: 18
Joined: August 1st, 2010, 6:44 pm

mbam log 5

Unread postby kasmir » August 5th, 2010, 7:00 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4378

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/2/2010 2:12:46 AM
mbam-log-2010-08-02 (02-12-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 249004
Time elapsed: 3 hour(s), 32 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kasmir
Regular Member
 
Posts: 18
Joined: August 1st, 2010, 6:44 pm

Re: backdoor.tidserv!inf

Unread postby DFW » August 5th, 2010, 7:16 pm

Hi kasmir

I need to bring your attention to the information below.


AS well as the Rootkit.TDSS, and all the other backdoors found by Malwarebytes' Anti-Malware, you are still very infected.

One or more of the identified infections is a backdoor trojan, which can also add a keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc

http://webcache.googleusercontent.com/s ... clnk&gl=uk
http://www.sophos.com/security/analyses ... botkm.html


Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

The only responsible course of action I can advise is to reformat your computer and reinstall windows if you have the means.

If you need any help with this please let me know and I will be glad to give you some assistance or if you have any other questions please feel free to ask.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: backdoor.tidserv!inf

Unread postby kasmir » August 5th, 2010, 7:23 pm

I have no problem formatting and reinstalling windows, but I never had an xp disk. Some time ago, I used winnt32.exe to reinstall windows and now it (winnt32.exe) is gone. I don't see it in the i386 folder, where I'm told it should be. Maybe it's a one time thing?
kasmir
Regular Member
 
Posts: 18
Joined: August 1st, 2010, 6:44 pm

Re: backdoor.tidserv!inf

Unread postby DFW » August 5th, 2010, 7:58 pm

You may have a recovery partion, most Compaq or hp have this unless you were supplied with a set of recovery disc's if the system is old.

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialise in more general computer problems. They have people that know more about this sort of problem.
Tell them why you need to format and post a link to this topic, and have your model number to hand.

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.




The re-format process will wipe the computer's hard drive clean, destroying all data and programs installed, so please make sure you back-up all data before re-formatting
the computer's hard drive. This includes address books, email accounts, documents, music, settings, saved games, and anything else not obsolete.
here is some information to help you
http://www.microsoft.com/protect/yourse ... ackup.mspx

Dont forget Items like Hardware Drivers, and the Key Codes and media so you can install any software that you may have installed now


Physically unplug the computer from the Internet before re-formatting.
Do not go back online untill you are protected by a hardware firewall, NAT router, or a software firewall, and have Installed a ANTIVIRUS, or you can be infected in a few seconds going back online,
Then visit the windows updates and download install all Critical updates, keep revisting untill all are downloaded and installed.




Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.




Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware



Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from inadvertently connecting to malware, spyware and adware sites by redirecting the connection request back to your own machine address (127.0.0.1). It is a very effective defense system.
If you are part fo a business network, if you are on AOL, or if you use Norton to scan e-mail, be sure to read the special instructions in the tutorial below..

Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer



Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide



Good luck

DFW
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: backdoor.tidserv!inf

Unread postby kasmir » August 5th, 2010, 8:08 pm

Thanks. I really appreciate all of the help and information you've provided. It will definitely help to avoid this type of situation in the future. Thanks again.
kasmir
Regular Member
 
Posts: 18
Joined: August 1st, 2010, 6:44 pm

Re: backdoor.tidserv!inf

Unread postby DFW » August 5th, 2010, 8:12 pm

Your very welcome
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: backdoor.tidserv!inf

Unread postby Dakeyras » August 6th, 2010, 5:12 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware