Backdoor virus

Warmachine

New Member
Reaction score
1
So my other computer has been out of commission for a while, since Norton kept popping up with warnings about a trojan. So I've done a few scans and such and it says intelppm.sys is the infected file?

Any advice? I've googled a bit and found a thing called TDSSKiller (http://www.softpedia.com/get/Antivirus/TDSSKiller.shtml). Not quite sure what it does though, like if it actually finds the file and gets rid of it or is just a scan. Would that be the best plan of action or do you have any other suggestions?
 

Warmachine

Should I be in safe mode while doing the Malwarebytes scan?

(It's been a few years since I've done computer tech, I've forgotten a lot..)
 

sqrage

Mega Super Ultra Cool Member
Reaction score
514
No, you don't need to be, but it's always preferred. Make sure you update the database before going into safe mode though.
 

Warmachine

Well, I just ran a TDSSKiller scan and it found it and said it was removed. Hopefully that solves it, but I'm going to run the Malwarebytes and HijackThis scans anyway to make sure.
 

Warmachine

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5394

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

12/25/2010 3:56:28 PM
mbam-log-2010-12-25 (15-56-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295265
Time elapsed: 1 hour(s), 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Xstudio_Packet_Capture (LSP.Hijacker) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\HP_Owner\application data\registrysmart (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\Log (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\registry backups (Rogue.RegistrySmart) -> No action taken.
c:\program files\registrysmart (Rogue.RegistrySmart) -> No action taken.

Files Infected:
c:\WINDOWS\system32\dllcache\calc.exe (Trojan.Agent.Gen) -> No action taken.
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\registry backups\2008-01-14_13-31-21.reg (Rogue.RegistrySmart) -> No action taken.




~~~~~~~~~~~~~~~~~~

Clicked remove and all items are said to be quarantined and removed successfully.

Just a few more scans and hopefully it will be solved for good...
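
For triaging a saved log like the one in this post, an added example (not part of the original post and not Malwarebytes' own tooling): it parses the 1.50-style text layout, checks the summary counts against the itemized entries, and lists detections the log still shows as "No action taken". The sample log is constructed, and the function names `parse_mbam_log` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of a Malwarebytes 1.50 log (not real detections).
# The "Files Infected" summary says 3 but only 2 entries follow, as in a cut-off paste.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleToolbar (Adware.Example) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ExampleToolbar (Adware.Example) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\exampletool (Rogue.Example) -> No action taken.

Files Infected:
c:\WINDOWS\system32\dllcache\example.exe (Trojan.Example) -> No action taken.
c:\RECYCLER\example_installer.exe (Trojan.Example) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from the log text."""
    summary, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return summary, items

def triage(text):
    """Report count mismatches and detections the log shows as not yet remediated."""
    summary, items = parse_mbam_log(text)
    listed = Counter(item["section"] for item in items)
    mismatched = {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}
    pending = [i for i in items if i["action"].lower() == "no action taken"]
    return mismatched, pending

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log saved before clicking remove will list every item as pending, so a follow-up scan log is what confirms the cleanup.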
 

Warmachine

Didn't necessarily find anything wrong in the HijackThis log. There were two "nasty" files, which were Ask toolbars. So I removed those and some other toolbars and random things that aren't necessary. Just running Malwarebytes again and then I'll run a full Norton scan in safe mode. After that the computer should be back in service!
 