Cannot run MBAM or find TDSSserv.sys

My laptop is infected with XP Security Centre, or something of the sort.

MBAM won't run, however, the laptop has two accounts - my own, and my dad's. My dad's account doesn't seem to be infected in the least, and MBAM will run on his account - I did so, but it did not pick up or destroy the virus files.

I saw these instructions;


Hello and welcome to Malwarebytes.org! :P

I will be helping you today. :) If you still need help, please let me know by replying to this thread. :P

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please run a scan with OTL:

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*. /mp /s

  6. Push the Run Scan button.
  7. Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened

As well as a scan with gmer (unless you have a 64bit system):

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the log of OTL and gmer in your next reply.

regards myrti


I cannot use the internet on the account which is infected, or at least, not internet browsers.

Will I need to be on that account when I download things?

Also, I managed to get MBAM to run. But, it did not pick up the virus.

Here's what I posted in another thread, in the wrong place;

I have had a very strange virus for the last day or so.

It stopped malwarebytes from running, but using rkill I was able to stop this, and run MBAM.

It picked up nothing besides a trojan and two adawares, and the virus is still at large.

The main process seems to be 'ave.exe' which I have been told is associated with XP Total Security and Vista Total Security.

The virus I'm seeing appears to be 'XP Security Center'.

I cannot, repeat, cannot delete 'axe.exe'.

It seems to be located in my Documents and Settings, under Local Settings\Application Data\ave.exe

When I navigate to this file, the popups start up; however, when I go to Application Data, even with hidden files showing, it is not there.

Also using command prompt to delete the file will not work.

I've been speaking to a technical administrator about it, and he has suggested many, many different things to get this virus to go away - none have worked.

Any files associated with either virus (XP Total Security or XP Security Center) have not been found, nor have any processes or HKEYs. I cannot remove this file.

ave.exe seems to be causing the problem, as I've said.

Is your advice still valid?


I've tried following your advice using my dad's account, as I cannot access IE on my own, and when downloading and saving OTL to desktop, I received this error:

C:\Documents and Settings\Paul\Desktop\OTL.exe is not a valid Win32 application.



Could you please download a fresh copy of OTL and try once more?

Please also click here or here to download Findykill to your desktop.

Note: the name of the file is setup.exe

  • Close all your windows.
  • Double click on Setup.exe
    Note: Vista users, please right click on Setup.exe and choose "Run as administrator"
  • Select option "E:English" by typing E and press "Enter"
  • Select option "1 # Search" by typing 1 and press "Enter".
    Please wait ...

When done, log.txt will open. Please copy/paste the content of the log.

You can find the log at C:\log.txt

regards myrti


This topic is now closed to further replies.