JohnMartin
Posts: 8 +0
Today when I sat down with my in-laws computer I was met by a virus warning from the Norman anti virus program.
It said that c:\windows\system32\explorer.exe was infected by TDSSserv.sys and the file could not be removed.
This message came up over and over and over again. I found a guide in this forum that explained how to remove it. And the guide said that I had to delete some driver from "Non-plug and Play Drivers" in the hardware monitor. But the drivers that was listen in that guide, I could not find. They wasn't there...
I started following your UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions guide. And when I made a full system scan with my virus software(step 1), the program didn't find anything.
I then had a look in my quarantine folder in my virus program. And now Norman had manage to move explorer.exe to quarantine.
Together with explorer.exe, Norman had also found another file.
nmiezmcz.sys, infected by W32/Agent.HHSF
Does this mean the computer is "clean" now? Since I was so unsure, I completed your guide anyway, and have attached the logs!
- Did not attach the log from Malwarebytes' Anti-Malware because I installed the program with norwegian language, so I guess that it is hard to understand. But there was zero findings with Malwarebytes' Anti-Malware.
Hope someone could have a look, and tell me if the computer is clean. Or what I have to do..
It said that c:\windows\system32\explorer.exe was infected by TDSSserv.sys and the file could not be removed.
This message came up over and over and over again. I found a guide in this forum that explained how to remove it. And the guide said that I had to delete some driver from "Non-plug and Play Drivers" in the hardware monitor. But the drivers that was listen in that guide, I could not find. They wasn't there...
I started following your UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions guide. And when I made a full system scan with my virus software(step 1), the program didn't find anything.
I then had a look in my quarantine folder in my virus program. And now Norman had manage to move explorer.exe to quarantine.
Together with explorer.exe, Norman had also found another file.
nmiezmcz.sys, infected by W32/Agent.HHSF
Does this mean the computer is "clean" now? Since I was so unsure, I completed your guide anyway, and have attached the logs!
- Did not attach the log from Malwarebytes' Anti-Malware because I installed the program with norwegian language, so I guess that it is hard to understand. But there was zero findings with Malwarebytes' Anti-Malware.
Hope someone could have a look, and tell me if the computer is clean. Or what I have to do..