Jump to content

I have two Trojans

Recommended Posts

I ran MBAM and found that I have two trojans: Trojan.TDSS - memory module and Trojan TDSS - file. I was directed to re-boot my system to complete the removal of these two trojans. After re-booting I ran a MBAM quick scan as a precaution and found that both trojans are still there.

My operating system is Window XP - personal version; browser is Firefox (updated recently) almost exclusively; Avira is my antivirus (free version); I have Spyware Blaster which I update frequently; and I run MBAM about once a week.

Here is the log of MBAM - done within the past couple of hours:

Malwarebytes' Anti-Malware 1.39

Database version: 2479

Windows 5.1.2600 Service Pack 3

7/22/2009 8:43:00 AM

mbam-log-2009-07-22 (08-43-00).txt

Scan type: Quick Scan

Objects scanned: 113697

Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

\\?\globalroot\systemroot\system32\geyekrxbibyqgw.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

\\?\globalroot\systemroot\system32\geyekrxbibyqgw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

And here is the scan from Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:13 PM, on 7/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:









C:\Program Files\Avira\AntiVir Desktop\sched.exe


C:\Program Files\twc\medicsp2\bin\sprtcmd.exe


C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Winamp3\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe



C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\America Online 7.0\aoltray.exe

C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe

C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Macromedia\Flash Media Server 2\FMSEdge.exe

C:\Program Files\Macromedia\Flash Media Server 2\FMSCore.exe

C:\Program Files\Java\jre6\bin\jqs.exe


C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\twc\medicsp2\bin\sprtsvc.exe



C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://*.windowsupdate.com

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Flash Media Server (FMS) (FMS) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe

O23 - Service: Flash Media Administration Server (FMSAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe

O23 - Service: Google Update Service (gupdate1c9e0e7f016fb78) (gupdate1c9e0e7f016fb78) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of file - 9953 bytes

Link to post
Share on other sites

The two trojans I have are the TDSS - memory module and TDSS -file.

A half hour ago my computer screen went black. I was on the Fox News website and had clicked on a news report when it happened. No matter what I did, I couldn't get out of it and couldn't do a shut down and reboot, or turn the computer off. I ended up unplugging the computer, waited about 20 minutes and then plugged it back in and turned it on. Everything appears normal.

I don't know if this has anything to do with the two trojans, but it was very concerning.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.