
Virus/Malware infection


Gareth

Oct 31, 2009, 9:54:04 AM
Somehow I managed to infect an XP laptop with all sorts of malware and
viruses simply by accessing a website: McAfee resident scan was useless
despite being up to date.

I suspect that the "security" lock down on the laptop prevented Windows
Update from installing fixes for security flaws. Also McAfee, which I would
never select as an AV

It took me 13 hours to clean the infection - none of the rescue disks
(including Kaspersky) cleared all of the infections and ultimately only
Combofix, Malwarebytes, Spybot and Windows Defender resident protection
managed to remove all of the infections (I needed to use all of them).

Anyway, an alert popped up which looked the same as the malware false alert
but was in fact a genuine Windows Defender alert which I managed to
"ignore". The scan history now shows that the following item was "ignored":

globalroot\device\Ide\iastore0\bcimqnbv\tdlwsp.dll

It is identified as: Trojan:Win32/Alureon.gen!U

I can't seem to force Windows Defender to identify it again and other
anti-malware isn't identifying it.

How would I remove this virus? The dll doesn't seem to be present in a
Windows accessible path - it almost looks like a Unix path.

If it is just a dll and other executable files are not - or do not seem to
be - present is there anything to worry about?

I also think an SD card was infected which subsequently infected a Windows
Mobile device (which can be cleaned via a ROM reflash).

How could I safely connect the SD card to a PC in order to clean it? Is
disabling autoplay enough?

Victek

Oct 31, 2009, 10:21:10 AM
> I also think an SD card was infected which subsequently infected a Windows
> Mobile device (which can be cleaned via a ROM reflash).
>
> How could I safely connect the SD card to a PC in order to clean it? Is
> disabling autoplay enough?
>
.
I would use Panda USB Vaccine which can be installed "resident". It will
disable autorun functionality on the PC. Just do a Google search for it.

David H. Lipman

Oct 31, 2009, 10:46:06 AM
From: "Gareth" <hotmai...@dgareth.remove_spam_.net>

And you stated " How would I remove this virus?"
This is NOT a virus!

This is a TDSS RootKit.

Download and use Gmer.
http://www.gmer.net/#files

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Anonymous

Oct 31, 2009, 7:07:28 PM

"Victek" <Vic...@invalid.invalid> wrote:
|
| I would use Panda USB Vaccine which can be installed "resident".

Repeated exposure to Panda will install the Scientology
trojan resident in your head.


Victek

Nov 1, 2009, 10:41:58 AM
> | I would use Panda USB Vaccine which can be installed "resident".
>
> Repeated exposure to Panda will install the Scientology
> trojan resident in your head.
>
.
The Scientology trojan? Will I start jumping up and down on the couch? LOL
