Solve : 911 : I think my computer is infected. Help Please.?

1.	Solve : 911 : I think my computer is infected. Help Please.?
Answer» Hello. Basically my problem is that my computer has been REALLY slow, I can't access Internet Explorer (I don't really use it tho), and when I'm using Firefox sometimes I get sent to random advertisement/spam websites. I followed all the "malware removal steps," and I my internet speed has improved a lot. I also haven't seen the random websites ANYMORE. I still don't think I have gotten rid of all the malware though. Therefore, I would really appreciate it if anyone can tell me what further steps I need to take, or what else I can delete. Thank You & Happy Holidays Here are my logs: [attachment deleted by admin]Sorry for the LONG wait. We are VERY backed-up right now! If you still require assistance, please do the following... Please print these instructions as they will be needed later when Internet access is not available. Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/156236231/SDFix.exe.html When using this tool, you must use the Administrator's account or an account with Administrative rights Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double-click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons. Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log. Thx 4 replying Here are the SDFIX and HijackThis logs Thank u once again [attachment deleted by admin]You've got one of the most popular infections right now. Go ahead and copy all of the text in the code box below... Code: [Select]Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BB35C63-98DE-64F1-688B-1347D8136C28}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD8F2F73-8E79-7C1A-6B2B-0702F1C25DA0}] Then open up Notepad and paste the text there. Go to File > Save As and when the window pops up, click on Save As Type and choose All Files. Save this to the desktop as tdss.reg and then close Notepad. Run the tdss.reg file and let the entries be added to your registry. Then download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of SECURITY programs that should be disabled and how to disable them. Double-click combofix.exe and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.Here are the two new logs Thaaaaaaaaank You! [attachment deleted by admin]It's looking a lot better. How are things running now?

Answer»

Hello.
Basically my problem is that my computer has been REALLY slow, I can't access Internet Explorer (I don't really use it tho), and when I'm using Firefox sometimes I get sent to random advertisement/spam websites.

I followed all the "malware removal steps," and I my internet speed has improved a lot. I also haven't seen the random websites ANYMORE. I still don't think I have gotten rid of all the malware though. Therefore, I would really appreciate it if anyone can tell me what further steps I need to take, or what else I can delete.

Thank You & Happy Holidays

Here are my logs:

[attachment deleted by admin]Sorry for the LONG wait. We are VERY backed-up right now! If you still require assistance, please do the following...

Please print these instructions as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/156236231/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights

Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

Thx 4 replying
Here are the SDFIX and HijackThis logs

Thank u once again

[attachment deleted by admin]You've got one of the most popular infections right now. Go ahead and copy all of the text in the code box below...

Code: [Select]Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BB35C63-98DE-64F1-688B-1347D8136C28}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD8F2F73-8E79-7C1A-6B2B-0702F1C25DA0}]

Then open up Notepad and paste the text there. Go to File > Save As and when the window pops up, click on Save As Type and choose All Files. Save this to the desktop as tdss.reg and then close Notepad. Run the tdss.reg file and let the entries be added to your registry.

Then download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of SECURITY programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.Here are the two new logs

Thaaaaaaaaank You!

[attachment deleted by admin]It's looking a lot better. How are things running now?

Solve : 911 : I think my computer is infected. Help Please.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment