DDoS.RAT.SpyBot 1.2 as need help pls

I cant get rid of it thru STD-3 .. when i delete thru the program they just come back on reboot i get flag registry has been changed .. I upgraded the std-3 files .. but just cant get rid of it

I cant run regedit the window closes and cant even cntrl alt delete that window closes when i get cursor over it

 

Hi Paranoid
Which windows version are you running?
Is it possible to do a system restore a few days back ? (XP or ME) With that you might not see the infection back in a TDS scan, and the regedit works again.
If so and you seem clean disable system restore > reboot > enable system restore and make a new restore point of the new clean situation.

Also delete the key through TDS > System Analyse > Autostart Explorer before you do the disabling and reboot.
Does this help?

 

Hi Paranoid,

Delete registry values and check that they are gone in Autostart Explorer. If you haven't already run a Process Memory Scan this should detect the SpyBot FILE in memory, right click and delete.

If it doesn't, please examine the registry entry if you see one being detected - and look at what file is to blame. Zip a copy and send it to submit@diamondcs.com.au , then kill it -

Go to the TDS Process List (CTRL O in TDS)
Right click the file
Kill Process and Delete File