memory virus can't get rid of...

Discussion in 'ESET NOD32 Antivirus' started by maoten, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. maoten

    maoten Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    2
    2 days trying to find out what could be the issue with this virus with NOD32 v4 latest build.

    Every time I scan operating memory it gives me this result:

    "http://i42.tinypic.com/2610v7k.jpg"

    Here's my HJT log


    ~HJ log removed per Announcement.~


    Please help.
     
    Last edited by a moderator: Mar 5, 2009
  2. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    You could build a Rescue CD, boot from it, update definitions and scan your hard drive.
     
  3. maoten

    maoten Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    2
    I did, with latest definitions from the rescue disk it's showing no virus in the computer.
    But as I log into Windows, ESET gives me this warning msg that I have a virus loaded into my memory.
     
  4. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    Hmm, try to scan the computer with MBAM.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Maoten, what is the virus name? Does it give a location?
     
  6. bradtech

    bradtech Guest

    Hey man, here is some information from Sophos regarding this virus:

    Troj/TDSS-I is a Trojan for the Windows platform.

    When Troj/TDSS-I is installed it creates two files called <Temp>\TDSS<random characters>.tmp.

    One of these files is detected as Troj/AdvHack-A, the other as Mal/TDSS-A.


    If I were you I would install an Adware program such as Malware Bytes, and run a scan. Also DELETE your user profile, turn off System Restore, and post a HijackThis log result.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Oh silly me, I didn't see the screenshot. Do not post a HJT log; refer to the first post.

    Have you tried performing a scan in Safe Mode?
     
  8. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi maoten,

    In order to clean the threat from memory you will need to scan the hard drives as well so the originator can be found and dealt with.

    HTH

    Cheers :)
     
  9. tokatee

    tokatee Registered Member

    Joined:
    Mar 5, 2009
    Posts:
    10
    Location:
    Holstebro, Denmark
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi tokatee :) , nice to see you here as well as the Sysinternal forum. (Btw that link didn't work for me.)
     
  11. Jurugi

    Jurugi Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    5
    Wow, this is exactly what I have. This isn't a virus I can let stay, either. It's a backdoor and you can't even search on Google without being redirected to about 100 adware sites. I tried installing Malware Bytes but once installed, the program doesn't run. It also disallows you to go onto certain anti-virus/malware sites. I figure it doesn't run for the same reason, the virus. I tried SDFix as well, but now I'm trying HijackThis. It's obnoxious that NOD32 can't clean it just because it's running, and it can't even give you the data of where the files are. I've run 2 full scans, 3 Safe Mode scans (unsuccessful) and fiddled around trying to get the location of the actual virus so I can manually remove it. Didn't work, I've been spending the last 2 hours searching for something like this to help.
     
    Last edited: Mar 6, 2009
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi Jurugi,

    Please send a log from Sysinspector along with a link to this thread and as much information as possible to support[AT]eset[DOT]com (assuming you have a current license) and be sure and post back to let us know how you get on.

    Cheers :)
     
  13. Andrew Carey

    Andrew Carey Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    11
    My brother-in-law just brought me his machine with this infection. I've pulled the drive to scan off a USB device. Seems to be a pain in the a**.
     
  14. Jurugi

    Jurugi Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    5
    I ended up reinstalling XP. I scanned with Spyware Doctor and then uninstalled it, and it deleted an important registry value for my internet connection. Still never found out what that virus was, but don't uninstall NOD32 or things could get really messed up. I uninstalled it before I reinstalled XP and all the services became corrupted. It's possible you won't be able to update NOD32 upon reinstalling as well.
     