Jump to content

Please Help, tssd.exe


Recommended Posts

I recently became infected by what avira said was tssd.exe and the program was successful in deleting it. My computer seems to not be running normally.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4345

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/25/2010 3:48:20 AM

mbam-log-2010-07-25 (03-48-20).txt

Scan type: Full scan (C:\|)

Objects scanned: 275805

Time elapsed: 1 hour(s), 23 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mike at 0:20:59.17 on Mon 07/26/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_18

Microsoft

attach.zip

Link to post
Share on other sites

Updated java, adobe reader, and flash

From AntiVir rook kit and malware scan

Starting to scan executable files (registry).

The registry was scanned ( '1773' files ).

Starting the file scan:

Begin scan in 'C:'

C:\Windows\System32\drivers\ihyklnx.sys

[DETECTION] Is the TR/Agent.767488.15 Trojan

Beginning disinfection:

C:\Windows\System32\drivers\ihyklnx.sys

[DETECTION] Is the TR/Agent.767488.15 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[WARNING] The file could not be selected for deletion after the restart. Possible cause: A device attached to the system is not functioning.

Link to post
Share on other sites

Antivir has been finding a driver that appears to be malware and is unable to remove it.

My internet connection is being affected by the infected computer causing other computers on the network to struggle to load webpages.

The driver is suspects as malware is ihyklnx.sys which was also recognized by gmer

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4357

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/27/2010 11:57:45 AM

mbam-log-2010-07-27 (11-57-45).txt

Scan type: Quick scan

Objects scanned: 131355

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mike at 17:45:32.37 on Tue 07/27/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21

Microsoft

Attach.zip

Link to post
Share on other sites

  • 2 weeks later...

Ok here is the MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4423

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

8/13/2010 12:34:51 AM

mbam-log-2010-08-13 (00-34-51).txt

Scan type: Quick scan

Objects scanned: 133791

Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here is the DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mike at 0:35:30.85 on Fri 08/13/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21

Microsoft

Link to post
Share on other sites

  • Staff

Hi,

You can run Norton's removal tool from here.

Also, you have uTorrent installed.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

Please uninstall it before proceeding.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

ihyklnx

KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

I ran Combo fix and it rebooted my computer but upon restart, no program would run because it gave an error that their drivers were marked for deletion. So I was unable to run a DDS scan. I was able to fix this by doing a system restore, but anyways here is the Combo fix log.

ComboFix 10-08-16.04 - Mike 08/17/2010 14:01:35.2.2 - x86

Microsoft

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.