
Infected Registry Keys, IE7 corrupt

December 21, 2008 at 14:50:06
Specs: Windows XP Home, Intel Pentium 512mb

HELP!!

My PC is infected with Trojans. McAfee did not block them and now nothing is working, such as Internet Explorer 7 (keeps redirecting me to unheard-of websites and says something like go.google.com in the title bar), plus the fact it is mega slow and keeps re-booting when I click on certain sites.

It took several attempts to get Malware to run but eventually produced this log:-

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3

21/12/2008 22:26:28
mbam-log-2008-12-21 (22-26-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140255
Time elapsed: 41 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*****************************************

I have tried to 'remove selected' trojans and rebooted PC but same errors occur.

I have read other reports of downloading ComboFix etc. but I am unable to do any of these things, as when you click on them it changes to a blank or incorrect webpage!

Also, tried working in 'Safe Mode' and 'Safe Mode with Networking' to no avail as PC freezes.

Any advice would be gratefully appreciated
Thanks




#1
December 21, 2008 at 15:11:49

It told you what registry keys are infected. Run regedit and delete them by hand. Click on the plus signs until you get to the folder.


#2
December 21, 2008 at 15:28:20

Take the infected computer physically off line. Download the necessary files from another computer and transfer them to your infected computer via flash drive or CDR.


#3
December 21, 2008 at 15:45:16

Thank you for your reply - I have already looked at Regedit but am not sure which part I am meant to delete. It finds all the subfolders including 'current version' but not the rest of the text displayed 'tdssdata'

Pls advise!

Example:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent)

Sorry - I am a newbie so not sure



#4
December 21, 2008 at 16:04:41

Try using this trojan remover. Download and transfer as suggested above. You may want to see if you can also get the updates. May work on whatever infections you have without an update.

http://www.softpedia.com/get/Antivi...



#5
December 21, 2008 at 16:13:22

To remove a trojan, you need a Trojan Remover. This one is fully functional for 30 days:

http://www.simplysup.com/tremover/d...

Once you get your system straightened out, dump McAfee & get a decent anti-virus program. Try AVG Free or Avast.

http://www.filehippo.com/software/a...



#6
December 21, 2008 at 16:15:31

An option would be to do a System Restore to a date before this happened.


#7
December 21, 2008 at 17:15:57

Yes, you can use some of those programs and you can do a system restore but if you want to delete the registry entry yourself, you delete tdssdata, not CurrentVersion.

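Added example (not part of any post in this thread): a small Python parser for the Malwarebytes log format shown in the first post. It splits each detection line into the parent path and the flagged last component, which is the part post #7 refers to. The function names and the embedded sample are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: detection lines copied from the log in the first post.
SAMPLE_LOG = r"""Registry Keys Infected: 2
Registry Values Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Files Infected:
(No malicious items detected)
"""

Finding = namedtuple("Finding", "section parent flagged detection action")

# "Registry Keys Infected:" opens a section; "Registry Keys Infected: 2" is a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<path> (<detection>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam_log(text):
    """Return one Finding per detection line, split into parent path and flagged leaf."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # Only the last path component is the flagged object. Assumption: for
            # "Registry Values" entries the leaf is a value name inside the parent key.
            parent, _, leaf = m.group("path").rpartition("\\")
            findings.append(Finding(section, parent, leaf, m.group("det"), m.group("action")))
    return findings

def unresolved(findings):
    """Detections the scanner reported but did not remove."""
    return [f for f in findings if f.action.lower() == "no action taken"]

if __name__ == "__main__":
    for f in unresolved(parse_mbam_log(SAMPLE_LOG)):
        print(f"{f.section}: flagged '{f.flagged}' under {f.parent} ({f.detection})")
```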

#8
December 21, 2008 at 17:17:19

Thank you all - seems to have worked with the trojan remover (jam) ....I can open programs and correct web pages now! If anything changes I shall be back for more advice....I really appreciate your help!


#9
December 21, 2008 at 17:28:01

Message for Guapo....the regedit did not display the file you mentioned 'tdssdata' for one of the infected keys, therefore I was unable to manually remove!!
