  • Locked thread
JonM1827
Feb 2, 2007
I would just like to add a quick note on all of those TDSSrv things that seem to come along with the Win Anti Virus 2008/9/whatever malware. If you go into the Device Manager, and then click on View -> Show Hidden Devices (something similar to that, I'm on a Mac right now), and then go down to Non Plug-and-Play devices, then you will be able to see TDSSrv or whatever it is on your machine. You can then go into that and disable it. I haven't had any luck deleting it, but if you disable it you can then generally load up your virus scanners and other things like that, whereas you couldn't before. I think that also might have something to do with the DNS changing things that won't allow you to go to certain virus software websites and the like.

Also, another thing that I have found that is pretty nice (well, it doesn't look too nice, but it works well) is Avenger. Basically you just paste a list of files, registry keys, services, etc. into a window, and click run, and it restarts your computer a few times while removing the files you have put into it. So, if you have a fairly comprehensive list of files that are generally used in the infections, you can put that into Avenger and run that before you get going too far, like to get rid of TDSSrv :argh:, or any other things that you know are bad.

Another thing I'm a pretty big fan of is Process Monitor. Say I know of a registry key that keeps on being automatically regenerated, you can apply a filter to the key's value, and then when it is created you can click on it. Then after that you can look at the process's stack, and then see what file is generating the key. This has helped me a lot!

Last but surely not least is HijackThis. This has saved me on many occasions, and I use this instead of msconfig all of the time. I think it picks up on a few more things, and you can actually use it to delete the files, whereas msconfig will just make them not start up. Be careful when using it though, as it will remove the files!

Hope this helps.
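
A scripted version of the Device Manager check described in the post above, as an added example that is not part of the original post: it lists the kernel and file-system driver services registered under the Services registry key and, with `-Disable`, sets the matching ones to Disabled. The `TDSS*` name pattern is an assumption taken from the "TDSSrv" name in the post; the script must run elevated and only sees entries the registry API returns.

```powershell
# Added example, not from the post. 'TDSS*' is an assumed pattern based on
# the "TDSSrv" name mentioned above; adjust it to what you actually see.
param(
    [string]$Pattern = 'TDSS*',
    [switch]$Disable   # without this switch the script only reports
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Collect every service entry whose Type marks it as a driver:
# 1 = kernel driver, 2 = file system driver.
$drivers = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props -or (1, 2) -notcontains $props.Type) { continue }
    $start = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { 'Unknown' }
    [pscustomobject]@{
        Name      = $key.PSChildName
        Start     = $start
        ImagePath = $props.ImagePath
        KeyPath   = $key.PSPath
    }
}

$hits = @($drivers | Where-Object { $_.Name -like $Pattern })
if ($hits.Count -eq 0) {
    Write-Output "No driver service matching '$Pattern' is visible in the registry."
    return
}
$hits | Format-Table Name, Start, ImagePath -AutoSize

if ($Disable) {
    foreach ($hit in $hits) {
        # Start = 4 means "Disabled"; the driver is skipped at the next boot.
        Set-ItemProperty -Path $hit.KeyPath -Name Start -Value 4 -Type DWord
        Write-Output "Set Start=4 (Disabled) for $($hit.Name); reboot to apply."
    }
}
```

Run it once without `-Disable` and check the `ImagePath` of each hit before changing anything, since the pattern can also match a legitimate driver.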
