WiredWX Hobby Weather ToolsLog in

 


backdoor.tidserv!inf

3 posters

descriptionSolvedbackdoor.tidserv!inf

more_horiz
hey my norton told me i have this backdoor.tidserv!inf but it could not be repaired. i ran the hijack this thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:29 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Documents and Settings\JRusso\Application Data\U3\0D91356141B33A5F\LaunchPad.exe
C:\Program Files\Messenger\msmsgs.exe
F:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Zango /fleok=1D8A83A5C2E7127E9FA86B2A1FBB39BFE4976E26CAEDA120180A196D6093 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\JRusso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\JRusso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199226947031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222319163953
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8344 bytes

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
heres the uninstall list

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AIM 6
Aim Plugin for QQ Games
AIM Toolbar
AIMTunes
CambridgeSoft ChemDraw Std 9.0
Download Updater (AOL LLC)
Gateway Drivers and Applications Recovery
Gateway Multi-function Keyboard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet/Wireless Software
InterVideo WinDVD 4
InterVideo WinDVD Creator
Java(TM) 6 Update 2
Java(TM) 6 Update 3
LimeWire 4.16.2
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
mWlsSafe
mZConfig
Nero - Burning Rom
Norton AntiVirus 2003
Norton WMI Update
Playlist Editor
QQ Games
QQ Pool
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoftK56 Data Fax Modem
SoundMAX
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Hello.

First, lets lighten the load, uninstall all this via Add/remove programs.
You can open Add/remove programs by doing the following.

*Note* - Before you do this thought, I see QQ games installed. This is sometimes installed by chinese malware, so if you didn't install them, please uninstall them.


Press Start > Control Panel > Add/remove programs
Uninstall all this by pressing the Remove button on the right after selecting each one.

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Viewpoint Media Player

QQ Games
QQ Pool



Next,


  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    backdoor.tidserv!inf RcAuto1

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will this next prompt that asks if you want to continue the malware scan, select yes

    backdoor.tidserv!inf Whatnext

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
when trying to uninstall Java(TM) 6 Update 3 it says backdoor.tidserv!inf should be closed. thanks again

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Stupid virus.
Skip uninstalling stage, we can do that later.
Go straight to combofix.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
hey, when i double click on combofix.exe nothing happens, thanks again

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Rename it to c0mb0-fix.exe.
Hopefully that will get around the restrictions.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
no the rename yielded the same results, it would not open.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
    O2 - BHO: Zango /fleok=1D8A83A5C2E7127E9FA86B2A1FBB39BFE4976E26CAEDA120180A196D6093 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
    O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\JRusso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\JRusso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close Hijack This.


Delete these files folders below in red:
C:\WINDOWS\system32\drivers\svchost.exe <== file
C:\Program Files\Viewpoint <== folder

Note - Only delete svchost.exe in the drivers folder, do not delete any others.

Can you run CF now?

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
hey i got combofix to run, thanks

ComboFix 08-11-23.02 - JRusso 2008-11-24 16:50:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.575 [GMT -5:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 01:59 . 2008-11-23 01:59 0 --a------ c:\windows\nsreg.dat
2008-11-17 22:39 . 2008-11-17 22:39 d-------- c:\documents and settings\JRusso\Application Data\QQ Games Plugin
2008-11-17 22:37 . 2008-11-17 22:37 d-------- c:\documents and settings\JRusso\Application Data\Tencent
2008-11-17 22:36 . 2008-11-17 22:36 d-------- c:\program files\Tencent
2008-11-17 22:35 . 2008-11-17 22:39 d-------- c:\program files\AIMTunes
2008-11-17 22:33 . 2008-11-17 22:33 21 --a------ c:\windows\atid.ini
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\program files\Common Files\Software Update Utility
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\program files\AIM Toolbar
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-17 22:29 . 2008-11-17 22:35 d-------- c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 19:21 . 2008-11-17 22:20 d-------- c:\windows\system32\Adobe
2008-11-12 08:21 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:20 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 21:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 21:33 --------- d-----w c:\documents and settings\JRusso\Application Data\U3
2008-11-24 21:03 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-23 06:49 --------- d-----w c:\program files\Absolute Poker
2008-11-18 03:38 --------- d-----w c:\program files\AIM6
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:16 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 01:39 --------- d-----w c:\program files\MSXML 4.0
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 15:07 --------- d-----w c:\program files\CambridgeSoft
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 05:33 --------- d-----w c:\program files\MSBuild
2008-09-25 05:28 --------- d-----w c:\program files\Reference Assemblies
2008-09-25 05:24 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-09-25 05:24 21,361 ----a-w c:\windows\AegisP.sys
2008-09-25 05:24 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-09-25 05:24 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-09-25 05:24 --------- d-----w c:\documents and settings\JRusso\Application Data\Intel
2008-09-25 05:23 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2008-09-25 05:22 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-01-03 02:31 32 --sha-w c:\windows\{E0F9AE0B-AC1F-4827-B508-0DED60753A72}.dat
2008-01-03 02:31 32 --sha-w c:\windows\system32\{214A6992-453C-4E57-89D5-090C04A1FC9F}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
2008-10-07 14:09 1275176 --a------ c:\program files\AIM Toolbar\aimtb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{61539ecd-cc67-4437-a03c-9aaccbd14326}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 c:\windows\GWHotKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2005\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35f56d88-d9fa-11dc-a452-0013ce5a939b}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-09-02 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-11-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\JRusso\Application Data\Mozilla\Firefox\Profiles\3rrw4aht.default\
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 16:53:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\WgaLogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2008-11-24 16:55:34
ComboFix-quarantined-files.txt 2008-11-24 21:54:35

Pre-Run: 24,802,025,472 bytes free
Post-Run: 24,808,189,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

175 --- E O F --- 2008-11-22 15:47:03

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Looking good.
One leftover to get.

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
backdoor.tidserv!inf Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
heres the lates combofix

ComboFix 08-11-23.02 - JRusso 2008-11-24 17:13:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.656 [GMT -5:00]
Running from: c:\documents and settings\JRusso\Desktop\c0mb0-fix.exe
Command switches used :: c:\documents and settings\JRusso\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 01:59 . 2008-11-23 01:59 0 --a------ c:\windows\nsreg.dat
2008-11-17 22:39 . 2008-11-17 22:39 d-------- c:\documents and settings\JRusso\Application Data\QQ Games Plugin
2008-11-17 22:37 . 2008-11-17 22:37 d-------- c:\documents and settings\JRusso\Application Data\Tencent
2008-11-17 22:36 . 2008-11-17 22:36 d-------- c:\program files\Tencent
2008-11-17 22:35 . 2008-11-17 22:39 d-------- c:\program files\AIMTunes
2008-11-17 22:33 . 2008-11-17 22:33 21 --a------ c:\windows\atid.ini
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\program files\Common Files\Software Update Utility
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\program files\AIM Toolbar
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-17 22:31 . 2008-11-17 22:31 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-17 22:29 . 2008-11-17 22:35 d-------- c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 19:21 . 2008-11-17 22:20 d-------- c:\windows\system32\Adobe
2008-11-12 08:21 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:20 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 21:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 21:33 --------- d-----w c:\documents and settings\JRusso\Application Data\U3
2008-11-23 06:49 --------- d-----w c:\program files\Absolute Poker
2008-11-18 03:38 --------- d-----w c:\program files\AIM6
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:16 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 01:39 --------- d-----w c:\program files\MSXML 4.0
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 15:07 --------- d-----w c:\program files\CambridgeSoft
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 05:33 --------- d-----w c:\program files\MSBuild
2008-09-25 05:28 --------- d-----w c:\program files\Reference Assemblies
2008-09-25 05:24 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-09-25 05:24 21,361 ----a-w c:\windows\AegisP.sys
2008-09-25 05:24 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-09-25 05:24 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-09-25 05:24 --------- d-----w c:\documents and settings\JRusso\Application Data\Intel
2008-09-25 05:23 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2008-09-25 05:22 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-01-03 02:31 32 --sha-w c:\windows\{E0F9AE0B-AC1F-4827-B508-0DED60753A72}.dat
2008-01-03 02:31 32 --sha-w c:\windows\system32\{214A6992-453C-4E57-89D5-090C04A1FC9F}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
2008-10-07 14:09 1275176 --a------ c:\program files\AIM Toolbar\aimtb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{61539ecd-cc67-4437-a03c-9aaccbd14326}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 c:\windows\GWHotKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2005\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R2 BBFat.VxD;BlueBird DSP API;c:\windows\system32\Drivers\BBFat.sys [2002-08-19 7808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-09-02 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-11-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 17:14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\WgaLogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2008-11-24 17:16:22
ComboFix-quarantined-files.txt 2008-11-24 22:15:22
ComboFix2.txt 2008-11-24 21:55:35

Pre-Run: 24,801,239,040 bytes free
Post-Run: 24,792,109,056 bytes free

144 --- E O F --- 2008-11-22 15:47:03

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Forgot something.

Now open a new notepad file.
Input this into the notepad file:

@echo off
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
del Fixservices.bat
exit


Save this as Fixservices.bat, save it to your desktop.
Double click Fixservices.bat and the black cmd window will open and close, this is normal.

How is the machine now?

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
alright i did that and everything is working better is there anything else, thanks.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
Nope, just updating and getting you secured now.

Press Start > Control Panel > Add/remove programs
Uninstall all this by pressing the Remove button on the right after selecting each one.

Java(TM) 6 Update 2
Java(TM) 6 Update 3


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 10.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

descriptionSolvedRe: backdoor.tidserv!inf

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum