Jump to content

Help please


*Ant*

Recommended Posts

aaaaaarrrrrrggggggghhhhhhhhhh

 

pc doing my head in now for over a week with a virus (I think) please help as.

 

I've tried all to my knowledge to find out whats wrong and sort it but it's well beyond me. I have run a diagnostic program that picked up the following 2 files but how do I find them and delete them?

 

Trojan-Downloader tdsscfum.dll (c:\windows\system32)

 

TROJAN.AGENT.GEN tdssrhym.dll (c:\windows\system32)

 

I have AVG but it's not picking it up and I can't download updates for some reason, also system restore is just freezing up and crashing.....possibly related?????

 

oh and i'm on Windows XP sp3

 

 

Eat right, stay fit, die anyway.

Link to comment
Share on other sites

  • Replies 25
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Deleting those file, even if you could find them, would do little or no good.

 

The trojan may be one of the smart ones that can disable your AV program but have it appear to still be working.

 

Use a good online virus scanner since you will know it is working. My favourite (since I know the company is honest and it won't false-report then demand you pay for a full cleaning - this one is free) is

http://housecall.trendmicro.com/

 

After that, make sure you are current on all the XP security patches. A really nasty bug was released late last week (3 of us spent all of Friday evening and Saturday morning at work installing patch MS08-067 to protect against it) that your onboard AV may well not have been able to recognize.

 

After the virus scan/clean and updating all needed security patches, run Ad-aware (make sure to update it before you run it) to deal with spyware that most AV programs won't notice.

 

If you don't have it already, free download from http://www.download.com/Ad-Aware-2008/3000...4-10045910.html and you will still need to update it after it is installed.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

Deleting those file, even if you could find them, would do little or no good.

 

The trojan may be one of the smart ones that can disable your AV program but have it appear to still be working.

 

Use a good online virus scanner since you will know it is working. My favourite (since I know the company is honest and it won't false-report then demand you pay for a full cleaning - this one is free) is

http://housecall.trendmicro.com/

 

After that, make sure you are current on all the XP security patches. A really nasty bug was released late last week (3 of us spent all of Friday evening and Saturday morning at work installing patch MS08-067 to protect against it) that your onboard AV may well not have been able to recognize.

 

After the virus scan/clean and updating all needed security patches, run Ad-aware (make sure to update it before you run it) to deal with spyware that most AV programs won't notice.

 

If you don't have it already, free download from http://www.download.com/Ad-Aware-2008/3000...4-10045910.html and you will still need to update it after it is installed.

 

Cheers Newt but I can't get onto the trendmicro website, it either opens a new window and says the "can't display" thing or if I try and get to it via google I just get an advertising site up that has nothing to do with housecall trendmicro???? I think it must have something to do with this virus as I can only seem to get on sites that are in my favourites for some reason.

 

 

Eat right, stay fit, die anyway.

Link to comment
Share on other sites

.......nearly forgot. When I try and update ad-aware I get the following message -

 

Getting updates...

Server connection failed

Installation finished

Failed to retrieve update data

 

Which is pretty much the same when trying to update AVG ???

 

 

Eat right, stay fit, die anyway.

Link to comment
Share on other sites

Possibly another sneaky from your critter.

 

Search your PC for a file named hosts (no extension). There should be a copy in windows\system32\etc and you need to rename it to hosts.old or hosts.tmp and then try the trendmicro link again.

 

If still no joy, try

http://www.kaspersky.com/scanforvirus

 

Also, when you have things under control, attach your hosts file (with whatever name) to an email and send it to me. It is not essential but can be useful if clean and I can clean it and return it.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

Update - based on info I found, use the kaspersky site for the removal. Trend apparently has trouble with this on on occasion.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

1. Read the Requirements and Privacy statement, then select "Accept"

2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".

3. Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.

4. When the download is complete it will say ready, click "Next".

5. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).

6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases"7. Click "OK".

8. Under "Select a target to scan", click on "My Computer".

 

When it finishes, please save the results and post them here.

 

If all your efforts fail, you will probably need a PC shop to do the cleaning. It may need a bootable CD/DVD with the virus scanner on it so the infection can't interfere.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

It won't let me on the site Newt. This thing seems to be blocking links and anything searched via google, yahoo etc.

 

I tried going to CNET and downloading Kaspersky Antivirus on a trial which went ok, problem was that whetever this thing is won't let me download any updates, I get the same connection failed error as with AVG, AD-AWARE, AVAST etc.

 

Anyhow I ran Kaspersky virus scan but it didn't pick anything up, I guess because it wasn't updated.

 

I have HijackThis on my pc so would that pick up and allow me to delete this virus?

 

 

Eat right, stay fit, die anyway.

Link to comment
Share on other sites

Ant - if it added some links to your hosts file (a simple text file and unprotected so easy to write) it could easily redirect any attempts you make to reach AV sites so they failed as long as you used the usual method of trying to go to a link.

 

Try reaching it by using the IP address which will bypass any redirects done in that way.

 

http://195.27.181.34/virusscanner

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

We and our partners use cookies on our website to give you the most relevant experience by remembering your preferences, repeat visits and to show you personalised advertisements. By clicking “I Agree”, you consent to the use of ALL the cookies. However, you may visit Cookie Settings to provide a controlled consent.