casinofree2004

mumera · 09-14-2008

Hello, I have this hidden malware witch I can't seem to nail. As my english isn't good enough to explain, I'll paste a copy of another post in this forum that describes exactly what I'm going through:

" I've run ewido in safemode, I've run Spybot Search and Destroy as well as Adaware (with all the latest updates). And yet I can't seem to nail down this virus that evades my virus scans and everything else. It hijacks any links when I click on Google, yahoo etc and sends me to spam-like sites (all on firefox by the way). I believe it's downloaded things as well, seeing that every once in a while I'll find a shortcut to casinofree2400.com that has appeared on my desktop out of nowhere. I apologize for the frustrated tone of this article, I always felt I was up to snuff on preventing infection and the like (using zonealarm, having Network Associates VirusScan constantly running, and running anti-spyware software once a week). Those darn hackers have gotten the best of me. My HijackThis log is as follows: Thanks for your help"

I have followed the instructions you gave to this guy and this is the report I've got from mbam.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

Please help me. Thank you.
mumera.

Jelly Bean · 09-14-2008

Hello and welcome to PCHelpForum.

Please do not use another members thread they may have other issues to deal with.

Please click this and follow instructions:Prework

If you need any help please ask.

chiaz · 09-16-2008

Hello mumera, and welcome to PCHF.

Jelly Bean is very correct. Please follow her instructions and let us know how it goes.

09-14-2008	#1
mumera New Poster Join Date: Sep 2008 Posts: 1 PC Experience: Some Experience	casinofree2004 Hello, I have this hidden malware witch I can't seem to nail. As my english isn't good enough to explain, I'll paste a copy of another post in this forum that describes exactly what I'm going through: " I've run ewido in safemode, I've run Spybot Search and Destroy as well as Adaware (with all the latest updates). And yet I can't seem to nail down this virus that evades my virus scans and everything else. It hijacks any links when I click on Google, yahoo etc and sends me to spam-like sites (all on firefox by the way). I believe it's downloaded things as well, seeing that every once in a while I'll find a shortcut to casinofree2400.com that has appeared on my desktop out of nowhere. I apologize for the frustrated tone of this article, I always felt I was up to snuff on preventing infection and the like (using zonealarm, having Network Associates VirusScan constantly running, and running anti-spyware software once a week). Those darn hackers have gotten the best of me. My HijackThis log is as follows: Thanks for your help" I have followed the instructions you gave to this guy and this is the report I've got from mbam. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot. Please help me. Thank you. mumera.

09-14-2008	#2
Jelly Bean Stoooooopid Girl. Join Date: Feb 2008 Location: Swansea Posts: 12,700 PC Experience: None.	Re: casinofree2004 Hello and welcome to PCHelpForum. Please do not use another members thread they may have other issues to deal with. Please click this and follow instructions:*Prework* *If you need any help please ask.* __________________ Rwy'n ceisio fy ngorau.

09-16-2008	#3
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,120 PC Experience: PC Guru	Re: casinofree2004 Hello mumera, and welcome to PCHF. Jelly Bean is very correct. Please follow her instructions and let us know how it goes. __________________ I vouch only for my own advice. You may want to take others' with a pinch of salt. More if necessary.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode