TDSS Trojan

 
 
Scott269
Guest
Posts: n/a
 
      11-01-2008
Ok, so my father, ugh, running XP Home Edition, recently clicked
"Remove" on a "Do you want to remove spyware from your computer??"
popup and was infected with xp-antispyware 2009. *groan* .

Anyways, I got him Malwarebytes Anti-Malware installed and scanned and
removed the nasty stuff. Only problem is one was left, Trojan-TDSS.
I tried the usual stuff of booting into SafeMode and running the
scanner there and it again found it and claimed to remove it but it
came right back. I did a registry search and found a couple instances
of it in a registry directory called TDSSSYS.SYS and proceeded to
delete them. But, after every reboot they came back and Malwarebytes
continued to find the trojan and "remove" it without actually fully
removing it. Seems to block me from doing a system restore also, I
gave that a try and after selecting the date and clicking Next,
nothing happens, it just sits there. I'm not near the computer right
now so I can't post a HijackThis log at the moment. Any suggestions
on something that will remove this bastard?
 
 
 
 
 
chuckcar
Guest
Posts: n/a
 
      11-01-2008
Scott269 <> wrote in
news:05ad70bc-ac6e-4bdc-baa3-:

> Ok, so my father, ugh, running XP Home Edition, recently clicked
> "Remove" on a "Do you want to remove spyware from your computer??"
> popup and was infected with xp-antispyware 2009. *groan* .
>
> Anyways, I got him Malwarebytes Anti-Malware installed and scanned and
> removed the nasty stuff. Only problem is one was left, Trojan-TDSS.
> I tried the usual stuff of booting into SafeMode and running the
> scanner there and it again found it and claimed to remove it but it
> came right back. I did a registry search and found a couple instances
> of it in a registry directory called TDSSSYS.SYS and proceeded to
> delete them. But, after every reboot they came back and Malwarebytes
> continued to find the trojan and "remove" it without actually fully
> removing it. Seems to block me from doing a system restore also, I
> gave that a try and after selecting the date and clicking Next,
> nothing happens, it just sits there. I'm not near the computer right
> now so I can't post a HijackThis log at the moment. Any suggestions
> on something that will remove this bastard?
>

Searching for the fix on Symantec's website. A *lot* of malware has to be
removed in an *exact* manner. Most likely you missed a registry hook and
it "repaired" itself on reboot.

--
(setq (chuck nil) car(chuck) )
 
 
 
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      11-01-2008
Scott269 <> wrote:

> I did a registry search and found a couple instances
> of it in a registry directory called TDSSSYS.SYS and proceeded to
> delete them. But, after every reboot they came back and Malwarebytes
> continued to find the trojan and "remove" it without actually fully
> removing it.


You're deleting the child, not the parent program.
Use hijackthis

Go here http://hijackthis.de/en download
http://download.hijackthis.eu/HJTInstall.exe

No need to install, just run it; Scan, save log, copy, then paste the
log file into http://hijackthis.de/en click analyze. Google first of
course, but Red should be deleted and yellow researched.

And whatever it is could be in your restore points, so turn restore
off.

Also you can find your problem with Process Explorer, by double
clicking on the program, read its image, delete its source.
http://technet.microsoft.com/en-us/s.../bb896653.aspx

Autoruns is also good for just turning off malware, instead of
removing it, found from the same site as Process Explorer

--

Octopus wreaks havoc
http://tinyurl.com/5a879m
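
Added example, not part of the thread or any poster's code: one way to confirm the symptom discussed above (deleted registry keys returning after a reboot) is to compare three registry exports and list the keys that were removed and then re-created, which indicates a component that was not removed is still writing them. The snapshots below are constructed, and the location of the `TDSSSYS.SYS` key under `Services` is an assumption; the thread gives only the name.

```python
import re

# Constructed sample data (not from the thread): three `reg export`-style
# snapshots taken before cleanup, after cleanup, and after the next reboot.
# The Services location is an assumption; only the key name is from the thread.
HEADER = "Windows Registry Editor Version 5.00\n\n"
SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
TCPIP = f'[{SVC}\\Tcpip]\n"Type"=dword:00000001\n'
BEFORE = HEADER + f'[{SVC}\\TDSSSYS.SYS]\n"Type"=dword:00000001\n\n' + TCPIP
AFTER_CLEANUP = HEADER + TCPIP
AFTER_REBOOT = HEADER + f'[{SVC}\\tdsssys.sys]\n"Type"=dword:00000001\n\n' + TCPIP

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_...\Key]
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')    # "Name"=data or @=data


def parse_reg_keys(text):
    """Map lowercased key path -> (path as written, {value name: raw data}).

    Registry paths are case-insensitive, so lookups use the lowercased form.
    Continuation lines of long hex values are ignored; only key presence and
    the first line of each value are needed for this comparison.
    """
    keys, values = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            values = {}
            keys[key.group(1).lower()] = (key.group(1), values)
            continue
        val = VALUE_RE.match(line)
        if val and values is not None:
            values[val.group(1).strip('"')] = val.group(2)
    return keys


def respawned_keys(before, after_cleanup, after_reboot):
    """Keys present before cleanup, gone after it, and present again after reboot."""
    b, c, r = (parse_reg_keys(t) for t in (before, after_cleanup, after_reboot))
    return sorted(r[k][0] for k in r if k in b and k not in c)


if __name__ == "__main__":
    for path in respawned_keys(BEFORE, AFTER_CLEANUP, AFTER_REBOOT):
        print("re-created after reboot:", path)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read real files with `open(path, encoding="utf-16")` before passing the text in.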
 