Hacktool.Rootkit and Backdoor.Tidserv!inf


Dough1397

Hi, I've been having difficulty removing this virus from my computer. I also have a problem with Backdoor.Tidserv!inf.

Wondering if anyone could be of assistance. I'll include my HJT log, hopefully it is helpful. Let me know if anything else is req'd.

I've followed the Symantec website instructions numerous times, only to have these both come back.

The paths of the infections are:

backdoor.tidserv!inf
C:\WINDOWS\Temp\

Hacktool.rootkit:
C:\Documents and Settings\Nikesh\Local Settings\Temp\

I hope that's a good starting point....
 

I've followed those instructions... although I disabled the Symantec AV, rather than uninstall...

Starting today I've been getting these popups saying

*filename.exe* - Bad Image
The application or DLL *C:\Windows\system32\filename.dll* is not a valid Windows image. Please check this against your installation diskette.

They have the red x to the left of the popup.... It's a Windows popup and not an internet one....

Hope I can get some help with this, Thanks!
 
I disabled the symantec AV, rather than uninstall...
That's a contradiction
You can't disable Norton, and I lost count at how many startups and services are presently running just for this one Program in your HJT log. I noticed that it didn't help in you getting the infection in the first place either!

I can't stress enough to you to remove it, and use a far better Antivirus, like Avira, which is also free ;) But if you reeeaally want it (Norton) then you will need to do this all over again one day (soon). By the way, Norton usually corrupts when a virus is found, how strange is that :confused:

Anyway, I'll try to continue. Please remove these from the HJT log (i.e. tick and fix):
O4 - HKLM\..\Run: [CPM336919cb] Rundll32.exe "C:\WINDOWS\system32\rujamika.dll",a
O4 - HKLM\..\Run: [sowurovigi] Rundll32.exe "C:\WINDOWS\system32\tutatezu.dll",s
Then, we really need to scan with an Antivirus! So do this:
Run Kaspersky Online AV Scanner: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
OK, so I guess you do have to tell me twice... I uninstalled Symantec AV, installed Avira, deleted those HJT reg keys... and I am going to start the Kaspersky thing in a sec...

The purpose of this message is to ask, should I start the 8 steps again seeing how I uninstalled Symantec AV? I've run HJT again, attached is the log.


Thanks!
 
No I wouldn't run the 8-step process in full again

By the way I hope Kaspersky picks up these files
If not, just run HJT again and tick and fix this entry: (oh, and after restart delete the two bolded files)
O20 - AppInit_DLLs: c:\windows\system32\rujamika.dll,C:\WINDOWS\system32\gefejobu.dll

By the way, as per norm, Symantec just doesn't want to let go!
Please tick and fix the following entry in HJT too
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

Once done run CCleaner again

Then restart again, and supply all the logs :)
 
Looking good..... Avira is picking up a few things here and there, see the events.txt

Thanks again :)
 

what about:

O2 - BHO: (no name) - {b2ab05b8-e568-4e6e-8a30-d002bd7fb106} - C:\WINDOWS\system32\merilaro.dll (file missing)


doesn't sound normal....
 
All "File Missings" can be left doing nothing, or the entry removed
Either way, it is not doing anything, and is not Malware (any longer ;) )
 
So is that it? Am I good or should I supply some more logs?

Seemed pretty quick?!

Also, is Avira the best? I dunno if I like it lol... it makes my computer beep loudly when it finds something. Any other recommendations?
 
You are good to go. All done
Avira is posted in the guide therefore tried and proved, worth keeping.

Title: "Hacktool.Rootkit and Backdoor.Tidserv!inf" --- > Resolved

Have a nice day :)
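
The HijackThis entries singled out in this thread (O4 autoruns that start a DLL through Rundll32, the O20 AppInit_DLLs value, and an O2 BHO marked "file missing") can be pulled out of a log automatically for review. The following is an added example, not part of the original posts and not HijackThis code; the function names `triage` and `repeated_dlls`, the review heuristics, and the `ExampleTray` log line are assumptions made for illustration.

```python
import re

# Lines quoted in the thread above, plus one constructed benign entry
# (the "ExampleTray" O4 line is made up here to show a non-match).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {b2ab05b8-e568-4e6e-8a30-d002bd7fb106} - C:\WINDOWS\system32\merilaro.dll (file missing)
O4 - HKLM\..\Run: [CPM336919cb] Rundll32.exe "C:\WINDOWS\system32\rujamika.dll",a
O4 - HKLM\..\Run: [sowurovigi] Rundll32.exe "C:\WINDOWS\system32\tutatezu.dll",s
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - AppInit_DLLs: c:\windows\system32\rujamika.dll,C:\WINDOWS\system32\gefejobu.dll
'''

ENTRY = re.compile(r'^(O\d+) - (.*)$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)

def triage(log_text):
    """Return (section, reason, dll_paths) tuples for entries worth review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == 'O4':
            r = RUNDLL.search(body)
            # Autorun that loads a DLL through rundll32 straight from system32
            if r and '\\system32\\' in r.group(1).lower():
                findings.append((section, 'rundll32 autorun of system32 DLL',
                                 [r.group(1).lower()]))
        elif section == 'O20' and body.lower().startswith('appinit_dlls:'):
            # Every DLL listed here is loaded into processes that load user32.dll
            dlls = [d.strip().lower() for d in body.split(':', 1)[1].split(',') if d.strip()]
            if dlls:
                findings.append((section, 'AppInit_DLLs entry', dlls))
        elif section == 'O2' and body.endswith('(file missing)'):
            path = body.rsplit(' - ', 1)[1][:-len('(file missing)')].strip().lower()
            findings.append((section, 'orphaned BHO (file missing)', [path]))
    return findings

def repeated_dlls(findings):
    """DLLs referenced from more than one kind of persistence entry."""
    seen = {}
    for section, _, dlls in findings:
        for d in dlls:
            seen.setdefault(d, set()).add(section)
    return {d: sorted(s) for d, s in seen.items() if len(s) > 1}
```

On the lines from this thread, `repeated_dlls` reports `rujamika.dll` under both O4 and O20, which is why removing only the Run keys left an entry still to fix.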
 