WiredWX Christian Hobby Weather Tools

Re: Backdoor.Tidserv!inf
The Backdoor.Tidserv is not showing up, or at least has not been detected by Symantec AV after the Combofix scan. But there are problems with explorer.exe: every time I try to right click an empty point in a folder or on the desktop / I try to create a new folder / I click on "File" in any folder, explorer.exe crashes.

Re: Backdoor.Tidserv!inf
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:1435

    RegNull::
    [HKEY_USERS\S-1-5-21-1177238915-1364589140-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B37FA422-CEA0-E9C6-C4DB-4E930D56B329}*]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Backdoor.Tidserv!inf
ComboFix 10-06-14.02 - Michael 15/06/2010 8.54.26.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.532 [GMT 2:00]
Eseguito da: c:\documents and settings\Michael\Desktop\Combo-Fix.exe
Opzioni usate :: c:\documents and settings\Michael\Desktop\CFscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-05-15 al 2010-06-15 )))))))))))))))))))))))))))))))))))
.

2010-06-14 07:43 . 2010-06-14 07:56 -------- d-----w- C:\Combo-Fix
2010-06-14 07:41 . 2010-06-14 07:43 -------- d-----w- C:\ComboFix
2010-06-13 07:42 . 2010-06-13 07:42 -------- d-----w- C:\_OTL
2010-06-12 22:13 . 2010-06-12 22:13 503808 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8ddbd7-n\msvcp71.dll
2010-06-12 22:13 . 2010-06-12 22:13 499712 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8ddbd7-n\jmc.dll
2010-06-12 22:13 . 2010-06-12 22:13 348160 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8ddbd7-n\msvcr71.dll
2010-06-12 22:13 . 2010-06-12 22:13 61440 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2a0805b3-n\decora-sse.dll
2010-06-12 22:13 . 2010-06-12 22:13 12800 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2a0805b3-n\decora-d3d.dll
2010-06-12 22:12 . 2010-06-12 22:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 22:00 . 2010-06-12 22:00 388096 ----a-r- c:\documents and settings\Michael\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-12 18:20 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 16:04 . 2010-06-12 16:04 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2010-06-12 14:50 . 2010-06-12 14:51 -------- d-----w- c:\programmi\Defense Center
2010-06-12 11:09 . 2010-06-12 11:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-11 09:21 . 2010-06-11 09:21 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\AdobeUM
2010-06-11 09:20 . 2010-06-11 09:21 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-05-27 07:09 . 2010-05-27 07:09 503808 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b0b8f3b-n\msvcp71.dll
2010-05-27 07:09 . 2010-05-27 07:09 499712 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b0b8f3b-n\jmc.dll
2010-05-27 07:09 . 2010-05-27 07:09 348160 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b0b8f3b-n\msvcr71.dll
2010-05-24 08:32 . 2010-05-24 08:32 -------- d-----w- c:\documents and settings\Michael\Impostazioni locali\Dati applicazioni\DOSBox
2010-05-24 08:32 . 2010-05-27 21:29 -------- d-----w- c:\programmi\DOSBox-0.74
2010-05-24 08:28 . 2010-05-24 08:42 -------- d-----w- C:\RAPTOR
2010-05-21 08:12 . 2010-05-21 08:12 -------- d-----w- c:\programmi\Wedding Dash 2 - Rings Around the World

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 06:26 . 2007-11-01 09:00 -------- d-----w- c:\programmi\Symantec AntiVirus
2010-06-14 09:32 . 2008-12-01 18:39 -------- d-----w- c:\programmi\GameSpy Arcade
2010-06-14 09:32 . 2008-10-31 11:08 -------- d-----w- c:\programmi\Commandos II
2010-06-14 09:32 . 2008-03-25 11:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-06-14 09:31 . 2008-10-28 15:57 -------- d-----w- c:\programmi\CyberLink
2010-06-14 09:31 . 2008-08-27 09:33 -------- d-----w- c:\programmi\AviSynth 2.5
2010-06-14 09:29 . 2008-08-27 20:42 -------- d-----w- c:\programmi\SlySoft
2010-06-13 16:00 . 2008-11-21 19:47 -------- d-----w- c:\programmi\Norton Security Scan
2010-06-12 22:13 . 2007-11-01 08:09 -------- d-----w- c:\programmi\File comuni\Java
2010-06-12 21:50 . 2007-11-01 08:09 -------- d-----w- c:\programmi\Java
2010-06-12 18:33 . 2004-08-19 12:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2010-06-12 18:33 . 2004-08-19 12:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2010-06-10 11:33 . 2010-06-10 11:33 -------- d-----w- c:\documents and settings\Michael\Dati applicazioni\Malwarebytes
2010-06-10 11:33 . 2010-06-10 11:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-10 11:33 . 2010-06-10 11:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-09 15:29 . 2010-01-13 18:18 -------- d-----w- c:\programmi\Bompiani
2010-06-05 06:46 . 2007-12-24 09:45 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-25 18:32 . 2009-10-27 16:36 60701 ----a-w- c:\documents and settings\Michael\Dati applicazioni\mdbu.bin
2010-05-22 14:22 . 2010-05-14 19:27 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-21 08:13 . 2010-05-13 18:04 -------- d-----w- c:\documents and settings\Michael\Dati applicazioni\PlayFirst
2010-05-21 08:13 . 2010-05-13 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PlayFirst
2010-05-14 19:27 . 2010-05-14 19:27 -------- d-----w- c:\programmi\Wedding Dash
2010-05-14 19:26 . 2010-05-14 19:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache
2010-05-14 19:25 . 2010-05-14 19:25 -------- d-----w- c:\programmi\bfgclient
2010-05-14 19:25 . 2010-05-14 19:25 3085800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-05-13 18:00 . 2010-05-13 18:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2010-05-06 10:32 . 2004-09-29 18:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2010-06-10 11:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-10 11:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 10:47 . 2009-11-11 20:36 79488 ----a-w- c:\documents and settings\Michael\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-06 10:12 . 2010-04-06 10:12 51936 ----a-w- c:\documents and settings\Gennarino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-06 10:12 . 2010-04-06 10:12 138 ----a-w- c:\documents and settings\Gennarino\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-03 21:06 . 2009-09-08 10:33 37280 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-14_07.52.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-15 06:24 . 2010-06-15 06:24 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"igndlm.exe"="c:\programmi\Download Manager\DLM.exe" [2008-08-01 1103216]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-10-11 2807808]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"EverioService"="c:\programmi\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-1 25214]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Defense Center]
2010-06-12 14:50 1661952 ----a-w- c:\programmi\Defense Center\defcnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qsotexinodusex]
2008-04-14 02:13 62976 ----a-w- c:\windows\ntPrasti.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2006-08-23 13:36 339968 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [23/06/2005 20.27.30 124608]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - EraserUtilDrv11010
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - PROCEXP141
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-13 c:\windows\Tasks\Norton Security Scan for Michael.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-09-19 03:18]

2010-06-14 c:\windows\Tasks\User_Feed_Synchronization-{D35A9AC5-A617-4241-A07E-4471DF07796E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
FF - ProfilePath - c:\documents and settings\Michael\Dati applicazioni\Mozilla\Firefox\Profiles\b7lznjem.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Download Manager\npfpdlm.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 08:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1364589140-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:27,6b,a5,d0,b2,3e,cf,18,6e,02,ae,97,c1,e1,27,8d,df,d0,69,bf,92,
f1,a3,e4,b0,3b,9c,e1,92,a5,6d,48,20,45,a5,da,32,03,d0,45,76,03,4e,fa,06,9b,\
"rkeysecu"=hex:33,17,e4,7d,62,96,84,89,c0,38,a9,3e,77,cf,e9,a9
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2010-06-15 09:01:05
ComboFix-quarantined-files.txt 2010-06-15 07:01
ComboFix2.txt 2010-06-14 07:56
ComboFix3.txt 2010-06-12 16:57

Pre-Run: 185.465.524.224 byte disponibili
Post-Run: 185.675.399.168 byte disponibili

- - End Of File - - 0FB2A9CB0CB6E15F0057E63984A89ED6
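
A triage check for two kinds of entries seen in this thread, as an added example that is not part of the original posts or of ComboFix: it flags a WinINET ProxyServer value pointing at a loopback address (the entry listed under DDS:: in the CFScript above) and the Security Center values AntiVirusOverride and DisableMonitoring when they are non-zero. The sample lines are constructed in the formats shown on this page, and the function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Constructed sample in the line formats shown on this page (DDS-style settings
# and regedit-style keys); not a real capture.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:1435
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
"""

PROXY = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
KEY = re.compile(r"^\[(.+?)\*?\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Value names taken from the log on this page; non-zero switches off Security
# Center antivirus monitoring or alerts.
SUPPRESSION_VALUES = {"AntiVirusOverride", "DisableMonitoring"}


def is_loopback(host):
    """True for 'localhost' or any literal loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # an ordinary hostname
        return False


def loopback_proxies(value):
    """Parse 'host:port' or 'http=host:port;https=host:port'; keep loopback entries."""
    hits = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, hostport = entry.partition("=")
        if not sep:  # bare host:port applies to every protocol
            scheme, hostport = "all", entry
        hostport = hostport.split("://", 1)[-1]
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        host = host.strip("[]")  # bracketed IPv6 literal
        if is_loopback(host):
            hits.append((scheme.lower(), host, port))
    return hits


def triage(log_text):
    """Return (category, detail) tuples for lines worth a second look."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY.match(line):
            for scheme, host, port in loopback_proxies(m.group(1)):
                findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
        elif m := KEY.match(line):
            key = m.group(1).lower()  # remember which key the next values belong to
        elif (m := DWORD.match(line)) and "\\security center" in key:
            name, value = m.group(1), int(m.group(2), 16)
            if name in SUPPRESSION_VALUES and value != 0:
                findings.append(("security-center", f"{key}\\{name}={value}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

A hit is a lead, not a verdict: a local debugging or filtering proxy, or a user who chose to monitor antivirus themselves, produces the same values.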

Re: Backdoor.Tidserv!inf
That C:\Programmi\Defense Center\defcnt.exe is a fake antivirus that caused me a lot of trouble some days ago, when this all began. I thought it was deleted by Malwarebytes or Combofix, I'm surprised to see it's still there. What should I do to remove it?

Re: Backdoor.Tidserv!inf
Hello.
Just delete the "Defense Center" folder.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Backdoor.Tidserv!inf
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5f230a9fc89a4a47b15130cc25bf2ec1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-15 10:56:10
# local_time=2010-06-16 12:56:10 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 208 208 0 0
# scanned=83961
# found=2
# cleaned=2
# scan_time=3128
C:\Documents and Settings\Michael\Dati applicazioni\Sun\Java\Deployment\cache\6.0\53\34cea775-36183b74 Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ntPrasti.dll a variant of Win32/Cimag.CO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Backdoor.Tidserv!inf
Whatever the next moves, the computer's working absolutely fine. The problem I had with explorer.exe is over. Apparently everything's right! You're great.

Re: Backdoor.Tidserv!inf
Okay good.
