My Inlaws computer gots Virus problems.
- Thread starter WasTech
- Start date
- Status
Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.
08/17/2008
Your Geeks to Go admin team
Seems you have a rootkit and DSS can't remove it just yet.
08/17/2008
Your Geeks to Go admin team
Seems you have a rootkit and DSS can't remove it just yet.
I now deleted all these.
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 1
9/30/2008 03:48:41 PM
mbam-log-2008-09-30 (15-48-41).txt
Scan type: Quick Scan
Objects scanned: 48847
Time elapsed: 5 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\qalkfxor.bpws (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\commdl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 1
9/30/2008 03:48:41 PM
mbam-log-2008-09-30 (15-48-41).txt
Scan type: Quick Scan
Objects scanned: 48847
Time elapsed: 5 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\qalkfxor.bpws (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\commdl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
- Status
