Installation on infected computer

Hi LP9,


LP9 wrote:

I would like to check and see if the infection is still there any suggestions?  I was also getting web and search redirects (now also stopped).


You have several indicators which point to a possible Tidserv rootkit infection.  You may have eliminated some of the symptoms, but you will need help to get rid of the infection itself.  Your best bet is to register and post at one of the forums mentioned earlier by delphinium.

 

I don't know about Windows Defender but you can run a full scan with Microsoft's Malicious Removal Tool (MRT). I assume you downloaded it as part of a previous WIN Update.

It removes a lot of rootkits. People don't realize you can run it on demand and do a full hard drive scan.

To run it:

Click on Start -> then select Run.

Next type in MRT and hit Enter. Go to the second screen and select Full Scan then Next.

It will run for a while. Not the fastest scanner in the world.

Please go to the other Malware Removal Forums listed to get your system cleaned and checked in a step by step logging methodical manner.

 

Quads 

Will do, thanks.  This will be my last post in this thread.

Thanks to all for your help.

No, NIS is not compatible with Windows Defender because it offers the same antispyware functionality as Windows Defender.

 

Just download and run TDSSKiller: http://www.kaspersky.com/downloads/utils/tdsskiller.zip

Read instructions from here: http://support.kaspersky.com/viruses/solutions?qid=208280684

Go to the other forums, to get trained people who can do what I do and the forum is protected.

They will also check for other problems by logging and left behinds to make sure the system is clean.

I no longer do the work on this forum.

 

Quads.


LP9 wrote:

Will do, thanks.  This will be my last post in this thread.

Thanks to all for your help.


No -- please come back and tell us what they found and that it was dealt with so that you are back in operation again.

 

You might need some guidance on making sure that Norton is still OK after all this ......

@ Quads

 

You said that TDL got updated, so does TDSS killer still help or is it not any good!

BanMidou.

TDSS killer is a constantly updated tool. If Kaspersky Lab catches a new (or previously unknown) TDL sample, then they will update this tool.

Don't worry about its effectiveness - it's an ongoing process.

Symantec provides removal instructions and a free removal tool for TidServ and it has been recently updated: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-090608-3309-99.

I also don't agree with this referral to third party virus removal sites where free removal methods are provided by Symantec.

Has Symantec management considered how ludicrous it appears to a home user who has been infected by malware and has a Symantec security product license to be referred to a freebie third party removal site? More so when equivalent removal tools are provided by Symantec? I guess they only want to add insult to injury and have individuals use their $99 minimum removal service that doesn't offer a guaranty.

Does Symantec really believe customers are that stupid? It appears so.

My God, I am surprised Symantec is still in business!

Yep, it's a bit frustrating. Many antivirus companies offer their removal services for free for legitimate customers. Some of them, like Kaspersky Lab, do have a volunteer team who will respond to every malware incident (911 Antivirus Service, for example).

 

I really don't understand this policy by Symantec. But what can we do?

@ Nerimash

 

Thanks for clarifying. Also, is 911 for all antivirus or Kaspersky users only?

it's free for all

ATTENTION:

•The 911 Antivirus Service consultants are helping you for free. Please be patient, respect their work, and carefully follow their instructions.
•Kaspersky Lab and the 911 Antivirus volunteer consultants assume no responsibility for possible harm caused by a virus during resolution of a security problem.

 

Hmm, never knew about it, thanks a lot !!!

The forums recommended for malware removal have been checked to ensure that they are knowledgeable, and capable of removing serious malware infections without damage to the user's system. I spent a fair bit of time on all four of them to make certain that they could safely identify and remove rootkits, bootkits and had the tools necessary to repair problems that can crop up during removals.

 

Other forums can probably do it as well, but a great many suggestions floating around the internet on how to fix things are an absolute disaster.  Always check out any forum to make sure it can help you before handing over your machine.

Yup true

 

 

but the page says in difficult cases Kaspersky people help

That's nice!!

 

 

 

@delph Why not check out this forum too!!

 

:smileywink:

 

Besides, Bleeping gets really busy at times

This service (911) contains not only volunteers as helpers but Kaspersky Lab experts too. They will help you in very difficult situations.

 

911 Service volunteers need to make a real study when they wanna become anti-malware helpers. I'm telling you this because I know this, because I'm a student. We are learning hard in different ways and tools like HijackThis, AVZ, Gmer, Combofix, etc

@ Nerimash 

 

Hmm So do you need a degree or some certification to join this study/course

 

 

Even I would love to, but I'm not a software engineer or someone who has any certification related to any software / hardware related course :smileysad:


BanMidou wrote:

@ Nerimash 

 

Hmm So do you need a degree or some certification to join this study/course

 

 

Even I would love to, but I'm not a software engineer or someone who has any certification related to any software / hardware related course :smileysad:


Just for informational purposes. I am enrolled in the course offered here:   http://www.malwareremoval.com/university.php

 

Each and every training location has its own set of rules and own set of criteria.  As you can see, this one has no "engineer/certification" requirement, but does have limits to the assistance that enrollees can provide while in training.  It appears most training has different requirements and different levels of enforcement.  I am only 3 months into my training (a newbie) and it is truly a long process - but from what I have heard from all those who are Microsoft Security MVPs - a very good course.  I just hope I can get through it.  So if you have a question on malware - I may not answer it while I am in training - even if I know the answer and could help.  It is one of the safeguards provided by MRU - as delphinium tried to explain earlier in this thread.

 

:smileyhappy: