Tech Support Forum - View Single Post

tetonbob · 06-16-2009, 12:05 PM

Hello -

Is this the same machine you've posted about here

[SOLVED] Got something nasty! Help!!!!

and here

Help W32/TDSS.BF.worm!!!

Rename dds to a .com extension, or use the copy from this link

http://www.techsupportforum.com/atta...-steps-dds.zip

Regarding GMER...

Let's try this version of gmer.

Download GMER Rootkit Scanner from here to your desktop.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If need be, run also untick Devices. If still no joy, run the scan in Safe mode. If still no joy...let me know.

06-16-2009, 12:05 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,707 OS: 2000 Pro; XP Pro; XP Home	Re: Worm problem Help! Hello - Is this the same machine you've posted about here [SOLVED] Got something nasty! Help!!!! and here Help W32/TDSS.BF.worm!!! Rename dds to a .com extension, or use the copy from this link http://www.techsupportforum.com/atta...-steps-dds.zip Regarding GMER... Let's try this version of gmer. Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop, and post it in reply. Caution Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries If need be, run also untick Devices. If still no joy, run the scan in Safe mode. If still no joy...let me know. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009