Tech Support Forum - View Single Post

andybucks · 06-15-2009, 11:33 AM

Hi

I have been trying to carry out my usual once in a while spybot checks etc and noticed that spybot or malwarebytes will no longer open.

Managed to get malwarebytes to run by reinstalling and changing the name, it found Trojan DNS changer which i have cleaned.

Run a panda check and it found W32/TDSS.BF.worm and a couple of other nasty looking things. log pasted below.

I tried the steps mentioned in the first steps but the apps just crashed. I also expierence blue screen when trying to reinstall spybot.

Help me please this is driving me crazy...

PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Spybot - Search and Destroy 1.0.0.5 No No
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\andy@tribalfusion[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\andy@adtech[1].txt
01054371 W32/TDSS.BF.worm Virus/Worm Yes 1 No No globalroot\systemroot\system32\gxvxcnjfcurigtufdpgckpnkcphikmjbevbru.dll
01054371 W32/TDSS.BF.worm Virus/Worm No 0 Yes No C:\Windows\System32\gxvxcnjfcurigtufdpgckpnkcphikmjbevbru.dll
01055526 W32/TDSS.BF.worm Virus/Worm Yes 1 No No globalroot\systemroot\system32\gxvxcoemsxrcwuqtnfqvdoruwnrxmkqycpavr.dll
01055526 W32/TDSS.BF.worm Virus/Worm No 0 Yes No C:\Windows\System32\gxvxcoemsxrcwuqtnfqvdoruwnrxmkqycpavr.dll
01326486 Adware/SystemGuard2009 Adware No 0 No No C:\Users\Andy\Documents\My Completed Downloads\FlashPlayer.exe[SeekingAlpha.exe]
01326486 Adware/SystemGuard2009 Adware No 0 Yes No C:\RECYCLER\S-9-0-42-100021588-100022093-100032362-1699.com
02812168 ACAD/Bursted.B Virus/Trojan No 0 Yes No C:\Users\Andy\Documents\Systech\Kumho\Survey dwg\acad.lsp
02812168 ACAD/Bursted.B Virus/Trojan No 0 Yes No C:\Users\Andy\AppData\Roaming\Autodesk\AutoCAD 2009\R17.2\enu\Support\acadapp.lsp

06-15-2009, 11:33 AM	#1 (permalink)
andybucks Registered User Join Date: Jul 2006 Posts: 12 OS: WIN XP - SP2	Help W32/TDSS.BF.worm!!! Hi I have been trying to carry out my usual once in a while spybot checks etc and noticed that spybot or malwarebytes will no longer open. Managed to get malwarebytes to run by reinstalling and changing the name, it found Trojan DNS changer which i have cleaned. Run a panda check and it found W32/TDSS.BF.worm and a couple of other nasty looking things. log pasted below. I tried the steps mentioned in the first steps but the apps just crashed. I also expierence blue screen when trying to reinstall spybot. Help me please this is driving me crazy... PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== Spybot - Search and Destroy 1.0.0.5 No No Windows Defender 1.1.1505.0 No Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\andy@tribalfusion[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\andy@adtech[1].txt 01054371 W32/TDSS.BF.worm Virus/Worm Yes 1 No No globalroot\systemroot\system32\gxvxcnjfcurigtufdpgckpnkcphikmjbevbru.dll 01054371 W32/TDSS.BF.worm Virus/Worm No 0 Yes No C:\Windows\System32\gxvxcnjfcurigtufdpgckpnkcphikmjbevbru.dll 01055526 W32/TDSS.BF.worm Virus/Worm Yes 1 No No globalroot\systemroot\system32\gxvxcoemsxrcwuqtnfqvdoruwnrxmkqycpavr.dll 01055526 W32/TDSS.BF.worm Virus/Worm No 0 Yes No C:\Windows\System32\gxvxcoemsxrcwuqtnfqvdoruwnrxmkqycpavr.dll 01326486 Adware/SystemGuard2009 Adware No 0 No No C:\Users\Andy\Documents\My Completed Downloads\FlashPlayer.exe[SeekingAlpha.exe] 01326486 Adware/SystemGuard2009 Adware No 0 Yes No C:\RECYCLER\S-9-0-42-100021588-100022093-100032362-1699.com 02812168 ACAD/Bursted.B Virus/Trojan No 0 Yes No C:\Users\Andy\Documents\Systech\Kumho\Survey dwg\acad.lsp 02812168 ACAD/Bursted.B Virus/Trojan No 0 Yes No C:\Users\Andy\AppData\Roaming\Autodesk\AutoCAD 2009\R17.2\enu\Support\acadapp.lsp