skybye2 Posted December 21, 2009 ID:173774 Share Posted December 21, 2009 hello,mbam says i have a tdss rootkit and it removes it but it just comes right back. I followed the instructions in the pinned post and used rootrepeal. please have a look at the report so i know if thats the correct .sys file to wipe (its the only one it finds but i need to know for sure) i really need some help my computer is playing random audio by itself and im getting googleupdate errors "the breakpoint has been reached"thx,ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/12/21 14:15Program Version: Version 1.3.5.0Windows Version: Windows XP Media Center Edition SP3==================================================Hidden/Locked Files-------------------Path: C:\WINDOWS\system32\H8SRTpfqhylksru.datStatus: Invisible to the Windows API!Path: C:\WINDOWS\system32\H8SRTuymrrcmqvi.dllStatus: Invisible to the Windows API!Path: C:\WINDOWS\system32\H8SRTwsbmuwujru.dllStatus: Invisible to the Windows API!Path: C:\WINDOWS\Temp\H8SRT392b.tmpStatus: Invisible to the Windows API!Path: C:\WINDOWS\system32\drivers\H8SRTpkostirskn.sysStatus: Invisible to the Windows API!Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\H8SRTfdc0.tmpStatus: Invisible to the Windows API!Path: c:\documents and settings\hp_administrator\local settings\temp\~df58e3.tmpStatus: Allocation size mismatch (API: 16384, Raw: 0)Path: c:\documents and settings\hp_administrator\local settings\temp\~df6138.tmpStatus: Allocation size mismatch (API: 16384, Raw: 0)==EOF== Link to post Share on other sites More sharing options...
kahdah Posted December 22, 2009 ID:173976 Share Posted December 22, 2009 Hello skybye2Welcome to Malwarebytes.=====================One or more of the identified infections is a backdoor trojan or rootkit.This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. Link to post Share on other sites More sharing options...
Recommended Posts