Seneka Rootkit with TDSServ
The file with the name TDSServ is used by more than one piece of malware under different names. The one that seems to be doing the rounds at the moment is the variation that has the Seneka Rootkit. It can also enter on the back of "AntiVirus 2009".
This seems to be the order of removal for this nasty piece of work. The drivers are in use.
1. You have to disable the drivers, reboot, then remove. By doing this,
Go to the "Control Panel" and click on "System"
Click on the "Hardware" tab.
Click on "Device Manager" to open it
Click 'View' in the menu and select 'Show Hidden Devices'
Expand the 'Non-Plug and Play' Drivers category
(If you find them, you can tell me.) Right-click and 'Disable' "clbdriver.sys", "msqpdxserv.sys", "tdsserv.sys" (or tdssxyz.sys where xyz.sys are random characters), and/or "seneka.sys"
Restart computer to Safe Mode
After restart, go back to Device Manager and right-click 'Uninstall' for the above drivers
Then use the latest version of "SDFix". Instructions:
How to use SDFix:
1. Download SDFix and save to your Desktop.
2. Install SDFix: double-click on the SDFix. If a "Security Warning" window opens, click on the Run button.
3. Follow the prompts.
4. Reboot your PC into Safe Mode.
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
5. Click Start -> Run, type the following text in the box: C:\SDFix\RunThis.bat
6. Press Enter or OK button.
7. When the tool is finished, it will produce a report for you.
If this error message is displayed when running SDFix:
The command prompt has been disabled by your administrator. Press any key to continue . . .
Please go to Start Menu > Run > then copy and paste the following line: %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press OK then run SDFix again
If the Command Prompt window flashes on then off again on XP or Windows 2000:
Please go to Start Menu > Run > then copy and paste the following line: %systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again
Then apparently the SAS pre-release will remove the remnants: http://www.superantispyware.com/prerelease.html
Try that for the guys that are getting infected with this form that's doing the rounds.
Message Edited by Quads on 12-07-2008 08:51 AM [edit: edit at Quads' request.]
Message Edited by Allen_K on 12-11-2008 08:11 AM
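For checking a saved driver or file listing against the driver names given in the post above, here is an added example (not part of the original post and not SDFix code). The sample listing is constructed, and the length and character set allowed for the random `tdss` suffix are assumptions.

```python
import re

# Driver file names listed in the post above.
EXACT_NAMES = {"clbdriver.sys", "msqpdxserv.sys", "tdsserv.sys", "seneka.sys"}
# The "tdssxyz.sys" variant; suffix length and character set are assumptions.
RANDOM_VARIANT = re.compile(r"^tdss[a-z0-9]{1,8}\.sys$")
# Any whitespace-delimited token ending in .sys, with or without a path.
SYS_TOKEN = re.compile(r"[^\s\"',;]+\.sys\b", re.IGNORECASE)


def classify(name):
    """Return 'exact', 'tdss-variant' or None for a driver file name or path."""
    base = re.split(r"[\\/]", name)[-1].lower()
    if base in EXACT_NAMES:
        return "exact"
    if RANDOM_VARIANT.match(base):
        return "tdss-variant"
    return None


def scan_listing(text):
    """Return (line number, file name, match kind) for each distinct hit."""
    hits, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in SYS_TOKEN.findall(line):
            base = re.split(r"[\\/]", token)[-1].lower()
            kind = classify(base)
            if kind and base not in seen:
                seen.add(base)
                hits.append((lineno, base, kind))
    return hits


# Constructed sample listing (not taken from a real machine).
SAMPLE = r"""
Module Name  Path
atapi        C:\WINDOWS\system32\drivers\atapi.sys
TDSServ      C:\WINDOWS\system32\drivers\TDSServ.sys
tdssqpmv     \??\C:\WINDOWS\system32\drivers\tdssqpmv.sys
tcpip        C:\WINDOWS\system32\drivers\tcpip.sys
seneka       C:\WINDOWS\system32\drivers\seneka.sys
"""

if __name__ == "__main__":
    for lineno, name, kind in scan_listing(SAMPLE):
        print(f"line {lineno}: {name} ({kind})")
```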