offline virus tools?

Posted by John on September 6, 2008, 11:11 am


I have a nasty virus (rootkit?) installed files like tdssserv.sys, tdss.. on
my drive. I used trendmicro to remove those files, but the virus is not
completely gone -- it still changes my screen saver every time I boot. When
I try to delete some registry keys, regedit says the key cannot be removed!

Now I have the drive mounted on a clean system as D: drive. How do I edit
the offline registry file?

Any suggestion on which virus scanner to use to completely remove this virus
while it is offline?



Posted by David H. Lipman on September 6, 2008, 11:40 am



| I have a nasty virus (rootkit?) installed files like tdssserv.sys, tdss.. on
| my drive. I used trendmicro to remove those files, but the virus is not
| completely gone -- it still changes my screen saver every time I boot. When
| I try to delete some registry keys, regedit says the key cannot be removed!

| Now I have the drive mounted on a clean system as D: drive. How do I edit
| the offline registry file?

| Any suggestion on which virus scanner to use to completely remove this virus
| while it is offline?


Yes, this one is known.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in the expert forum below.

{ Please - Do NOT post the HJT Log here ! }

NOTE: Registration is REQUIRED before posting a log

http://www.thespykiller.co.uk/index.php?board=3.0



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by ~BD~ on September 6, 2008, 11:54 am


Hi John

DrWeb was once recommended to me for offline scanning, but I haven't used it for
some time.

I'll let you explore - here: http://www.drweb.com/

Please report back how you fare! Good Luck! :)

Dave

--
>I have a nasty virus (rootkit?) installed files like tdssserv.sys, tdss.. on my drive. I used
>trendmicro to remove those files, but the virus is not completely gone -- it still changes my
>screen saver every time I boot. When I try to delete some registry keys, regedit says the key
>cannot be removed!
>
> Now I have the drive mounted on a clean system as D: drive. How do I edit the offline registry
> file?
>
> Any suggestion on which virus scanner to use to completely remove this virus while it is offline?
>



Posted by jen on September 6, 2008, 11:56 am


>I have a nasty virus (rootkit?) installed files like tdssserv.sys,
>tdss.. on my drive. I used trendmicro to remove those files, but the
>virus is not completely gone -- it still changes my screen saver every
>time I boot. When I try to delete some registry keys, regedit says the
>key cannot be removed!
>
> Now I have the drive mounted on a clean system as D: drive. How do I
> edit the offline registry file?
>
> Any suggestion on which virus scanner to use to completely remove this
> virus while it is offline?

You might try SDFix:
http://www.bleepingcomputer.com/startups/tdssserv.sys-23624.html

-jen



Posted by kalyan on September 8, 2008, 4:09 am


Hi

You are affected by ROOTKIT XP ANTIVIRUS2008

TDSSSERV.SYS has been seen to perform the following behavior:

a.. The Process is packed and/or encrypted using a software packing process

TDSSSERV.SYS has been the subject of the following behavior:

a.. Deleted as a process from disk
b.. Created as a new Background Service on the machine
c.. Created as a process on disk
d.. Loaded and Executed as a System Driver File

Download the fix & follow the procedure screen shots

It is cleaning Registry keys also...

http://siri.geekstogo.com/SmitfraudFix.php



--
Warm Regards
Kalyan



>I have a nasty virus (rootkit?) installed files like tdssserv.sys, tdss..
>on my drive. I used trendmicro to remove those files, but the virus is not
>completely gone -- it still changes my screen saver every time I boot. When
>I try to delete some registry keys, regedit says the key cannot be removed!
>
> Now I have the drive mounted on a clean system as D: drive. How do I edit
> the offline registry file?
>
> Any suggestion on which virus scanner to use to completely remove this
> virus while it is offline?
>


