
I've had issues with my PC for days now.

It would freeze and not connect to the internet, then when it would connect it would take me to bogus sites. It wouldn't let me run any of my antivirus programs like avg, malware, adaware, or spybot.

I removed AVG and last night I was finally able to do a system restore.

I tried uninstalling Malwarebytes and reinstalling it by going to a cached site on Google, but it tells me it needs to overwrite a file that is already there, and although it installs the program, I still can't open it or run it, or any other one like Spybot.

I tried renaming the exe file, I tried opening it in safe mode and nothing. I've disabled the DNSserv and nothing.

I cannot go to the Panda scan site on the net or this forum. I am on another PC right now.

Please help.


This is quoted from one of the forum moderators. Many have been having this issue.

Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

Click on Start, click Run, and then type devmgmt.msc and click OK

On the View menu click on Show hidden devices

Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys

Highlight that driver and right click on it and select DISABLE

Now RESTART your computer.

Download a copy of Malwarebytes but DO NOT run it yet.

Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.

Once the program is installed go to the UPDATE tab and try to update the program if you can.

Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: http://www.malwarebytes.org/forums/index.php?showtopic=2936

When ready please post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.



Yes, I did do this - I meant TDS, not DNS - it didn't work and I cannot run any antivirus program.


Are you able to run HijackThis if you rename it? If you are, then you should run it according to the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and then post your log in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

If that won't work, then you can try running Dial-a-fix by downloading it from here: http://wiki.lunarsoft.net/wiki/Dial-a-fix The page contains instructions on its use, and the download is near the bottom of the page. What you want to do is start the program and click on the button at the bottom that says Policies; a new window will open. In the new window, place a check next to any items listed in the white box and click the Remove button to fix the selected policies. After that, try running MBAM and HijackThis.

Please keep in mind that Dial-a-fix will not function on Vista (and it will pop up with a dialogue telling you as much), but if it's on XP it will run.


Hi,

I tried the dial-a-fix and it didn't find/list any selected policies/items to remove.

I was able to download and run HijackThis and this is my log result:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:57:31 PM, on 12/1/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://sympatico.zone.msn.com/bingame/zpag...he.cab53083.cab

O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab53083.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab

O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB

O20 - AppInit_DLLs: karna.dat

O22 - SharedTaskScheduler: coxite - {6b9a461b-893f-45ee-8c59-06d3a2223b24} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7954 bytes

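The log above is the kind of thing the malware-removal helpers in the linked forum read by hand. As an added illustration that is not part of this thread or of Malwarebytes' own tooling, the script below applies a few defender-side triage heuristics to HijackThis-style lines: a non-empty O20 AppInit_DLLs value (here `karna.dat`), O22/R3 entries that still point at a file that no longer exists, an O10 Winsock LSP file HijackThis does not recognise, and an R1 search setting that resolves to a host outside a small allow-list. The allow-list and the sample lines are constructed for the example (the sample lines are modelled on the log posted above); the heuristics are assumptions about what an analyst would want flagged, not a definition of malice.

```python
"""Triage heuristics for a HijackThis-style log (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines modelled on the log posted in the thread.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - AppInit_DLLs: karna.dat
O22 - SharedTaskScheduler: coxite - {6b9a461b-893f-45ee-8c59-06d3a2223b24} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
"""

# Assumption: hosts an analyst accepts as legitimate default search/start pages.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

# Every HijackThis entry starts with a section tag such as "R1", "O4", "O20".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def _host_of(body):
    """Return the hostname of the first http(s) URL in an entry body, if any."""
    m = re.search(r"https?://[^\s]+", body)
    return urlparse(m.group(0)).hostname if m else None


def triage_line(line):
    """Return (section, reason) when a log line looks suspicious, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # O20: any AppInit_DLLs value is injected into every process that loads user32.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return section, f"AppInit_DLLs loads '{value}' into every GUI process"

    # Orphaned loaders: the registry still references a file that has been removed.
    if section in {"O22", "R3", "O2", "O3"} and "(no file)" in body:
        return section, "registry entry points at a file that is gone (orphaned loader)"

    # O10: a layered service provider HijackThis could not attribute to a vendor.
    if section == "O10":
        return section, "Winsock LSP file not recognised by HijackThis"

    # R1: search assistant / search bar pointed at a host we do not trust.
    if section == "R1" and "Search" in body:
        host = _host_of(body)
        if host and host not in TRUSTED_SEARCH_HOSTS:
            return section, f"search setting redirected to {host}"

    return None


def triage_log(text):
    """Map each flagged log line to its (section, reason); clean lines are omitted."""
    findings = {}
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings[line.strip()] = hit
    return findings


if __name__ == "__main__":
    for line, (section, reason) in triage_log(SAMPLE_LOG).items():
        print(f"[{section}] {reason}\n    {line}")
```

Run against the constructed sample it flags five lines (the BearShare search hijack, the orphaned URLSearchHook, the unrecognised LSP, the AppInit_DLLs entry and the orphaned SharedTaskScheduler entry) and leaves the ctfmon.exe Run entry and the Ad-Aware service alone. The heuristics are deliberately narrow; the point is that the same structural signals a human helper looks for in a posted log can be checked mechanically before anyone decides what to remove.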

Excellent, I'm glad you were able to get it to run. To continue the cleanup process with one of the malware removal experts please post a new topic which includes a copy of your HijackThis log as well as a link to this topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Good luck and safe surfing, and if you have any more trouble or questions just let us know.
