Premudriy

  1. Oh, here's one last piece of information: that customer called me and told me how it all happened. The firewall showed a popup that antivirus2009 was trying to access the internet. He thought it was an update for Avira. LOL! He let it through and it all rolled down the hill. The good thing, though, is that maybe now he learned a good lesson (as well as I learned about TDSS).
  2. Well, I'm a computer tech myself, it just was the first time that I've seen this specific nasty virus on a customer's PC. I usually install Comodo Firewall, Spybot, and AntiVir antivirus for them and configure it. I also install Mozilla Firefox with the following plugins: Ad-Block Plus, Ad-block Plus Element Hiding Helper, Adblock G.Filter Updater, FlashBlock, and NoScript. Plus I always tell them not to click on some rogue software links and that they don't need to install any other antiviruses etc., no matter how good the advertisement might look. This is my first time using Malwarebytes. Usually I used HijackThis and was always able to get rid of stuff. Then scans by Spybot, Ad-aware (which became bad now), and Avira would finish things. I've also used RootKit Revealer and then removed registry entries manually. It always worked, but not this time. As I said, it wouldn't let HijackThis start. It's just interesting that this particular customer had all the above-mentioned software installed and yet he somehow got infected with this virus. I also found that his firewall was uninstalled when I first looked at his PC. I wonder if he uninstalled the firewall himself or if it's the work of this virus. He must have clicked on some Antivirus2009 advertisement link because I don't see how else he could get infected. Anyway, I'm pretty sure this PC is clean now. I've looked through the logs - all is good. Thanks a lot, again!
  3. Thanks a lot, I was looking through System32, but never actually thought of checking System32/Drivers. There it was, but the names were different. I deleted the following items: TDSSnbcb.sys and tssecsrv.sys. Only then was I able to start running the anti-malware software in safe mode. I'll scan with MBAM, Spybot, and Avira before I boot it into normal mode. The scan is running as I type this post. Thanks again! P.S.: Man, they come up with new and more advanced viruses every day. This one was sooo frustrating because it was blocking any anti-malware software even in safe mode and denied access to registry entries through regedit.
  4. Ok, here's something new for you, guys... I'm repairing a laptop for this one guy. He had antivirus2009 and tdss on it. When I go to Device Manager and set Show Hidden devices I can see TDSSServ in there, BUT... when I right click, it does NOT have the "Disable" option. It is a Windows Vista 32 OS. Another thing is that no spyware removal tool can be run on this PC EVEN in SAFE mode. I've tried Spybot, HijackThis, and Malwarebytes. Malwarebytes won't even start installing (I DID rename it to some weird name before starting). Same thing with HijackThis - it will not install no matter what. Spybot will install, but can't start even in safe mode. How do you like this situation? Any suggestions or ideas? I'm about ready to give up...:-((( This might be a new version of TDSS or something.