Not sure if I'm infected or not

multimedia · Nov 13, 2008

Well I was infected with a bunch of trojans and stuff but I had a friend take care of all of them and everything seemed good. However, when I turned the computer on there were a bunch of TDSS****.dll files in my system32 folder.

My antivirus program (Norton Symantec and Windows Defender) did not pick up the files as dangerous even though when I searched google they showed up as rootkits.

The offending files themselves are

TDSSmtvd 4KB
TDSSoiqt.dll 36KB
TDSSxfum.dll 72KB
TDSSlxwp.dll 4KB
TDSShrxm.dll 0KB
TDSSvtql.dll 0KB

However for some reason I was able delete them by merely selecting them and pressing the delete button. Should it had been that easy to remove them? I also read on a site that if a computer had been infected by a rootkit that it is not secure and that you should reformat it.
Is this true? Because I would rather not reformat.

TimW · Nov 14, 2008

Welcome to Major Geeks!

There will me additional files that will need removing......

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

multimedia · Nov 14, 2008

Well here are the logs and to my surprise there were still some trojans and viruses in the computer....

multimedia · Nov 14, 2008

MGlogs

TimW · Nov 15, 2008

Yes...the scans picked up the rest of the infections...let's just do this:

Please use add/remove programs to uninstall:
Java(TM) 6 Update 2"
Java(TM) 6 Update 3"
Java(TM) 6 Update 5"
Java(TM) 6 Update 7"
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Use windows explorer to find and delete:
C:\Windows\VEhVIFRSQU4

If you aren't having any other malware issues, then:

If you are not having any other malware problems, it is time to do our final steps:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Click to expand...

multimedia · Nov 15, 2008

Ah thanks!

Two quick questions.

Do I have to delete the Java or are they harmful to the computer?

And, can I continue to do online banking and what not now that the rootkits are gone or am I still in harms way?

TimW · Nov 15, 2008

Sorry...my bad....yes uninstall old Java, reboot and install:
Java Runtime 6

I would suggest that any online site you use, change your passwords using a different computer.

You should be fine.

multimedia · Nov 15, 2008

Thanks for your help! :-D

TimW · Nov 15, 2008

You are very welcome...safe surfing.

Log in or Sign up

Not sure if I'm infected or not

multimedia Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

multimedia Private E-2

Attached Files:

SASlog.txt

mbam-log-2008-11-14 (18-33-06).txt

log.txt

multimedia Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

multimedia Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

multimedia Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member