Infection Resolving Team

Re: Security Team

No Airbot, the virus is very smart and won't allow any malware or spyware programs (exc. Comodo) to show on the screen. The weird part is when I go to Task Manager and click on Processes, it is right there. It just won't show on the screen.
Ben
 

My Computer

System One

  • Manufacturer/Model
    Dell
    CPU
    Intel(R) Celeron(R) CPU 420 @1.60 GHz
    Motherboard
    Dell Inspion 530 Default
    Memory
    PNY 4GB 240-Pin SDRAM DDR2 800 (PC2 6400) Dual Channel
    Graphics card(s)
    ATI Radeon HD 2400 PRO
    Sound Card
    Realtek HD Audio
    Monitor(s) Displays
    Gateway PnP Monitor
    Screen Resolution
    1024x768 @ 75 Hz
    Hard Drives
    Seagate 250G ATA SATA-II
    Case
    Dell Inspiron 530
    Cooling
    None
    Mouse
    Logitech EX100 Combo
    Keyboard
    Logitech EX100 Combo
    Internet Speed
    100 MB/s
Re: Security Team

I was just talking to someone here at work. She has the same virus.

They should start educating people when they sell PC's. She had no idea that she was dealing with a virus. As soon as she said she's getting pop-ups telling her that she has 32 viruses, I knew exactly what it was (thanks to this forum!).
 

My Computer

System One

  • Manufacturer/Model
    H/P dv7 Notebook PC
    CPU
    Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
    Motherboard
    Compal ID 30F4 Version 99.67
    Memory
    4.096
    Graphics card(s)
    NVidia GeForce 9600M GT
    Screen Resolution
    1440x900
    Hard Drives
    WDC WD3200BVET-60ZTC0 ATA DEVICE
    Mouse
    Synaptics PS/2 Port TouchPad HID-compliant mouse
    Keyboard
    IBM ENHANCED (101 or 102) keyboard

My Computers

System One System Two

  • Operating System
    Windows 10 Pro x64 Latest Release Preview
    Monitor(s) Displays
    Acer G276HL 27", (DVi) + Samsung 39" HDTV (HDMI)
    Screen Resolution
    2 x 1920x1080 @50Hz
  • Manufacturer/Model
    Real World Computers (Custom by Me)
    CPU
    AMD FX8350 Vishera 8 Core @4GHz
    Motherboard
    Asus M5A78L-M USB3
    Memory
    32GB [4x8GB] DDR3 1600 MHz
    Sound Card
    ASUS Xoner DG + SPDIF to 5.1 System + HDMI
    Monitor(s) Displays
    Samsung 32" TV
    Screen Resolution
    1920 x 1080
    Hard Drives
    Internal Crucial CT256MX100SSD1 256GB SSD, Seagate ST2000DM001-1CH1 2TB, External (USB3) Seagate Backup+ Hub BK SCSI Disk 8TB 2.5/3.5 Hot Swap Cradle, USB3 + eSata (client HDDs) NAS 4TB
    PSU
    Aerocool Templarius Imperator 750W 80+ Silver
    Case
    AeroCool X-Warrior Red Devil Tower
    Cooling
    Hyper103 CPU, Rear 120mm, Front 2x120mm, Side 2x120mm
    Internet Speed
    68 MB Down 18.5 MB Up
    Other Info
    Six Sensor Auto / Manual Digital cooling (Fan) control with Touch control Panel
Re: Security Team

Thank you all very much for the info. In the end, I called my teacher and I offered the two options and she actually wanted me to do a PC restore.
Thanks everyone
Ben
 

Re: Security Team

Thank you all very much for the info. In the end, I called my teacher and I offered the two options and she actually wanted me to do a PC restore.
Thanks everyone
Ben

That's probably the easiest and best option. That's what I told my co-worker to do. Back up anything you want to save and wipe the slate clean.

I'm buying my daughter a laptop for Christmas, I already told her that before she gets it we're going to sit down and go over ways to keep her computer safe and working well.
 

Re: Security Team

IESVG is the Adobe SVG plugin for IE
Adobe is the Flash Player plugin

SYMCHECKUPSTUB.EXE usually is associated with Symantec Corporation; Norton PC Checkup Stub Application

Your program is showing these as potentially unsafe although they pose no malicious risk.

TDSSBRSR.DLL is part of a trojan that hijacks browsers in order to produce popup advertisements from known badsites and also has rootkit functionality in order to hide itself as a system driver.




How to remove TDSSBRSR.DLL
Author:TDSSBRSR.DLL Hits: UpdateTime:2008-10-20 9:36:39
TDSSBRSR.DLL removal

TDSSBRSR.DLL and detail of TDSSBRSR.DLL:
TDSSBRSR.DLL description: The filename TDSSBRSR.DLL was last seen on 10.19.2008, and it is considered unsafe. This threat is associated with the malware group rootkit.agent.

Threat name: rootkit.agent
Filename: [System32Root]\tdssbrsr.dll
Filesize: Unknown
Last seen: 10.19.2008
Status: Known to RemoveIT Pro as unsafe.

This file can perform the following behavior:
- Usually created by unsafe process.
- Registered as a Dynamic Link Library File.
- Usually has a random filename and refers to many versions of a dynamic link library.
- Can be injected/attached to a legitimate Windows process such as explorer.exe or other.

TDSSBRSR.DLL remove instruction
1. Temporarily disable System Restore, reboot the computer in Safe Mode;
2. Locate TDSSBRSR.DLL virus files and uninstall TDSSBRSR.DLL files program. Follow the step-by-step screen instructions to complete uninstallation of TDSSBRSR.DLL.
3. Delete/modify any values added to the registry related to TDSSBRSR.DLL, exit the registry editor and restart the computer;
4. Clean/delete all TDSSBRSR.DLL infected file(s): TDSSBRSR.DLL and related, or rename TDSSBRSR.DLL virus files;
5. Please delete all your IE temp files with TDSSBRSR.DLL manually, run a whole scan with an antivirus program;

How to remove TDSSBRSR.DLL|Virus Com

The other DLL's are derivatives of the above and should be deleted the same way.
 

My Computer

System One

  • Manufacturer/Model
    Scratch Built
    CPU
    Intel Quad Core 6600
    Motherboard
    Asus P5B
    Memory
    4096 MB Xtreme-Dark 800mhz
    Graphics card(s)
    Zotac Amp Edition 8800GT - 512MB DDR3, O/C 700mhz
    Monitor(s) Displays
    Samsung 206BW
    Screen Resolution
    1680 X 1024
    Hard Drives
    4 X Samsung 500GB 7200rpm Serial ATA-II HDD w. 16MB Cache .
    PSU
    550 w
    Case
    Thermaltake
    Cooling
    3 x octua NF-S12-1200 - 120mm 1200RPM Sound Optimised Fans
    Mouse
    Targus
    Keyboard
    Microsoft
    Internet Speed
    1500kbs
    Other Info
    Self built.
Re: Security Team

Hi Ben

The TDSS infection is a rootkit infection and can be nasty. It installs at root level and roams about undetected by most AV's and scanners. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure.

TDSS can be removed by the use of special tools under guidance, I myself have helped users remove this infection. Even though you mention that you have done a system rollback, if you are having problems, or feel things are not right I would advise that you post in a dedicated security forum that is ASAP affiliated where someone with experience on removing such infections can advise you further.

Regards
 

My Computer

System One

  • Manufacturer/Model
    Dell
    CPU
    2.53 Celery Stick
    Memory
    2Gb
    Graphics card(s)
    Onboard
    Sound Card
    Onboard
    Monitor(s) Displays
    Viewsonic
    Screen Resolution
    1280*1024
    Hard Drives
    320Gb Western Digital
    Case
    Dell Standard
    Internet Speed
    20Mb
Re: Security Team

Thanks sjb007, but I am all set. The rollback restores the computer to the exact format as when I got it out of the box. Everything is all set.

And I am very sure that I have very helpful people on this site.
Thanks very much for the info as well

Also thanks very very much barman and Norm.
Very helpful info.
See, even I have problems with viruses. I'm nowhere near an expert (clearly), but I do try my hardest and solve a lot of problems.

Thanks again.
Ben
 

Re: Security Team

Hey everyone,
My uncle is on the board of security for Blue Cross Blue Shield. He is amazing with the security aspect of computers. I was talking to him about the TDSS trojan and he was telling me a couple things. I was so mad at myself for one thing in particular that I didn't think of.

When someone gets infected with that type of trojan, once it is detected, it will jump off of that file, go to another, and use that one.

My uncle told me that I should have unchecked the System Restore option when something like this comes up.

I was like, why would I do that? It would ruin any chance for recovery if the trojan were to screw anything up.

The System Restore holds a copy of what your computer files, etc. look like. If the trojan goes around to different files, even if I find it on the normal section of my HD, I still will have it in the System Restore files.

I was so upset with myself when I had found this out. So I know now that I will have to disable that feature when you have a virus like that.

Darn, oh well, I'll know for next time something happens.

Ben
 

Re: Security Team

My take on that would be that you only disable it when you know you have a clean machine, that is when you get rid of the old restore points and set a new one.

At least then if you screw up while trying to clean the machine at least you can still get into it even if it's dirty, then you can try the clean up again.
 

My Computer

System One

  • Operating System
    Windows 10 Home
    Manufacturer/Model
    HP Envy x360 Convertible 15-bq0xx
    CPU
    AMD A9 Stoney Ridge Technology
    Motherboard
    HP 8312 (Socket FP4)
    Memory
    8.00GB Dual-Channel Unknown (?-0-0-0)
    Graphics card(s)
    Generic PnP Monitor (1920x1080@60Hz) 512MB ATI AMD Radeon R5
    Sound Card
    AMD High Definition Audio Device Realtek High Definition Aud
    Monitor(s) Displays
    Generic PnP Monitor on AMD Radeon R5 Graphics
    Screen Resolution
    1920 x 1080
    Hard Drives
    119GB SanDisk SD8SN8U-128G-1006 (SSD) 931GB Hitachi HGST HTS721010A9E630 (SATA
    Mouse
    Microsoft Optical Wheel Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    62.86Mbps down 18.19Mbps up
    Other Info
    EPSON78D0CF (XP-332 335 Series) (Default Printer)
Re: Security Team

Hey Ben, I had never actually realised that a virus would still be in my restore files - how did I miss that!? :eek:

Thanks for the tip :)
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard
    CPU
    3.40Ghz / 2.20Gz Duo Core
    Memory
    2GB / 3GB
    Hard Drives
    160 GB / 160 GB
Re: Security Team

Good point Joan,
I guess that makes sense.

And I know how you feel Fmjc,
I was like wow how did I miss that
aSDFASDFSADFASDF
haha
 

Re: Security Team

Good point Joan,
I guess that makes sense.

And I know how you feel Fmjc,
I was like wow how did I miss that
aSDFASDFSADFASDF
haha

Well, you learn something new every day :)
 

Re: Security Team

Exactly,
We might have an incoming help needed. Someone just posted about the Trojan Vanderboild.
They need help
Let's help them out.
Ben
 

Re: Security Team

Where is the post Ben?
 

Re: Security Team

It is in the security section on the site. I told the person that they should come and post here but I'm not sure if they are going to. I was just giving you people a heads up in case they do.
 

Re: Security Team

Hey everyone 100 replies on this forum and a ton more to go!

Thanks and congrats to all members!!!
 

Re: Security Team

I'd say any of the good free ones. Avast Home Edition, Avira, Comodo, AVG. Some good paid versions...Eset NOD 32, Kaspersky.
 

My Computer

System One

  • Manufacturer/Model
    Airbot 2.0
    CPU
    Core i7 920 (D0) @ 4Ghz, 26c idle- 65c full load on air
    Motherboard
    Asus P6X58D Premium -Sata 6Gb/s - USB 3.0
    Memory
    12GB Corsair Dominator -CMD12GX3M6A1600C8
    Graphics card(s)
    EVGA Nvidia GTX 480 -Fermi
    Sound Card
    ASUS Xonar D2X
    Monitor(s) Displays
    LG 24" Flatron W2453V-PF Full HD 1080p 2ms response time
    Screen Resolution
    1920x1080@60hz
    Hard Drives
    1 OCZ Vertex2 180GB SSD 1 TB Samsung Spinpoint F1 7200RPM 32MB cache 2 500GB WD Caviar Blacks 7200RPM 32MB cache (WD5001AALS) Pioneer DVD Burner DVR-S18M
    PSU
    Corsair HX1000W
    Case
    Cooler Master HAF 932
    Cooling
    Case Fans -3 230mm, 1 140mm/CPU - Tuniq Tower 120 Extreme
    Mouse
    Logitech Wireless MK700
    Keyboard
    Logitech Wireless MK700
    Internet Speed
    100 MBPS DL 30.17Mbps UL 0.98Mbps
    Other Info
    Windows 7 Processor-7.7 RAM- 7.9 Graphics-7.9 Gaming Graphics- 7.9 HDD- 7.8 W.E.I final score= 7.7 Windows Vista=5.9
Re: Security Team

Most likely Comodo or Avira AV; they are both in Brink's free software list. For paid, either

Norton Internet Security 2009 :D


ESET Smart Security :D
 
