05-16-2010 01:26 PM
I tried to Fix those entries in HijackThis, but they just keep coming back. Should I do anything else to get rid of them for good?
Also, when you mentioned that TDSS killer should come back and fix all the time, does that mean I have to run TDSS killer frequently or is there a way to run it automatically?
TDSSkiller when run now should not detect anything.
Try this: download HostsXpert.exe from http://homepages.slingshot.co.nz/~crutches/Loggers
When you start the program, it will ask to make the hosts file writable; click OK.
1) You can delete each individual line you want to remove
2) You can use the "Restore MS Hosts - Restores the hosts file to Microsoft's original hosts file" button.
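Added example, not part of the original posts and not HostsXpert's own code: a small Python audit that lists every hosts-file mapping other than the stock `127.0.0.1 localhost` entry and checks the read-only attribute that blocks a restore. The sample hosts text and its hostnames are constructed for illustration; treating only `localhost` as a stock name is an assumption.

```python
import os
import stat

# Assumption: the stock hosts file maps only "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}
LOOPBACK = {"127.0.0.1", "::1"}

def audit_hosts(text):
    """Return (line_no, ip, hostname) for each mapping that is not a stock entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:                       # address with no hostname
            findings.append((line_no, fields[0], None))
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if ip in LOOPBACK and name.lower() in DEFAULT_NAMES:
                continue
            findings.append((line_no, ip, name.lower()))
    return findings

def is_read_only(path):
    """True when the write bit is cleared (the read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

def make_writable(path):
    """Clear the read-only attribute so the file can be edited or replaced."""
    os.chmod(path, os.stat(path).st_mode | stat.S_IWRITE)

# Constructed sample: one stock entry plus two kinds of unexpected mapping.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.antivirus.example   # update host pointed at loopback
203.0.113.10    www.bank.example login.bank.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of `c:\windows\system32\drivers\etc\hosts` to `audit_hosts` and the path to `is_read_only`.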
05-16-2010 01:50 PM - edited 05-16-2010 01:50 PM
I ran TDSS and it did not detect anything.
I tried to run HostsXpert. I answered yes to the questions it asked, but when I tried to Restore MS Hosts file, I get an error that "Cannot create file c:\windows\system32\drivers\etc\hosts".
I went to the directory and I see only one file with today's date called "hosts.new" created earlier this morning, probably when I first turned on the computer. All the other files in this directory are from 2004.
05-16-2010 02:17 PM
05-19-2010 07:45 PM
Make writeable box has a lock on it and will not unlock. I am still getting an error that it cannot create file.
FYI - I am running Windows Vista, in case that matters.
05-19-2010 08:04 PM
You are not running Vista, as I know by the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:10 PM, on 5/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
then your Avenger log
If you click on the "Make Writable" button, it changes to "Make Read Only". When you click the button, the right-hand side goes from grey to white.
If you don't click "Make Writable" first, you get the error.
05-21-2010 05:42 PM
You are correct. For some reason I was thinking XP and wrote Vista. I am still not able to toggle the Make Writeable to allow the program to write. I tried clicking on the toggle button, but it is not changing.
By the way, regarding protecting against future virus attacks, is Norton alone enough or should I purchase Malwarebytes or other programs?
06-07-2010 03:29 PM
I am getting access denied message when I try to run mvps.
Also, Norton idle scan found some trojans and quarantined them. Not sure if these are left over from the previous attack or new ones. These things were found on two separate occasions. I ran Malwarebytes after that to run a full scan, but it did not find anything and neither did TDSSkiller.
Here are the trojans that it said it quarantined.
Should I do anything else to clean up whatever else is remaining?
06-10-2010 04:50 PM
I no longer remove Malware via this forum due to the danger level of this forum. I have told Bleeping Computer why.
You may want to go to Bleeping Computer and they in the end may use the likes of OTL or Avenger to reset or swap the HOSTS file, like I did earlier in swapping the TDL infected driver.