By ladyknight · 8 replies
Jan 3, 2009
  1. I was directed here to start a thread regarding my issue.

    This morning when I turned on the pc, TrendMicro popped up saying I needed to reboot to get rid of this trojan. I did that.

    Then about 1 hr. later I noticed that my pc was running at 52% and I didn't have anything open. I tried to update Trend again and could not get to the site. I tried other antivirus sites, all blocked.

    I found this site and proceded to do the 8 steps, but to no avail. I did manage to get MBAM. I ran that and it found several. It cleaned it. It said it needed to reboot to finish deleting the files. I had already turn system restore off.

    I rebooted and once again tried to get to Trend...could not. I did manage to get the manual removal from Trend through someone else.

    When I looked up the files, they were not on my pc.

    Then I came back here and found that I had a reply. I was given a link to this:
    How to Disable ‘tdssserv.sys’ Trojan Identified With Update Failure and Redirected Searches.

    I did what it said, but the file did not exist.

    Can anyone help?
  2. rf6647

    rf6647 TS Maniac Posts: 829

  3. ladyknight

    ladyknight TS Rookie Topic Starter

    I was up till 4:30am with this.

    This is what I have done so far:

    I was able to download AVAST, MBAM and SAS through download.com. Deleted files as it said. Logs attached.

    Start in safe mode with networking. I was able to get to TREND and used HOUSE CALL.
    In the middle of the scan, I was unable to get to get to support or info regarding this trojan. HOUSE CALL did find 2. Worm_download.A and a file in system32 called X. It deleted both. Still could not update.

    I went to another pc and was able to get solution for this trojan and followed all it said. Rebooted and still cannot get to any anti-virus site :(

    I will upload hijack this next. I am tired.

    View attachment 40743

    View attachment 40745

    View attachment 40746

    I tried to edit the other post to put in the 2nd SAS but it wouldn't allow me.

    2nd SAS log
    HJT log
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Another member gave us feedback about his case - re-installed the fireware & adjusted some settings.

    Like that case, the infection on your computer appears to be handled. Quick scans disable the threats; Full scan cleans files / folders.

    zroni99 Fixed Back on online >> will give you an idea what he went through.
  5. ladyknight

    ladyknight TS Rookie Topic Starter

    If it is handled then why can't I get to any antivirus sites? Are you saying that I should reinstall Trend?
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Where do you want to push on this problem? Test the firewall later with numeric URL in place of text URL. Test with direct manual entry.

    Here is a stronger scanner -
    Please run ComboFix & HJT. ComboFix cleans & provides diagnostic information that is used to find enabling infection that remain or just residue. As with most scans, the repeat scan looks for any infection that is now unmasked or a clean run. Always assess if symptoms remain.

    Supporting information
  7. ladyknight

    ladyknight TS Rookie Topic Starter

    I wasn't trying to push a problem. Thanks for the help
  8. rf6647

    rf6647 TS Maniac Posts: 829

    Oh! I think I understand it now. TY is bidding a farewell.

    My meaning is that the exploit to frustrate reaching anti-malware sites is not understood by me at this time. Re-installing the FW was considering the possibility that the infection compromised the firewall by inserting new security policies. After raising concerns, Combo_fix was suggested as a way to check that possibility, but not always effective as evident in the cited case.
  9. bobbydiaz

    bobbydiaz TS Rookie

    A laptop user has brought the same worm into my network. I am still working on getting it off the servers and clients. But as for internet access to all of the Anti-virus websites and Windows update, if you disable the DNS Client in Services, you will be able to get to all sites again.

    To get to services, Go to Start/Run type in services.msc then hit ok. Look for DNS Client and Stop it. This will allow you to get all Windows Updates and TrendMicro updates. You can leave DNS Client disabled, it is only to help have less traffic over the network.

    But from my experience it causes more problems.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...