Computer Help forum

General discussion

Trogan problem

by M/D / January 27, 2009 5:24 AM PST

I have a Gateway tricore computer running Vista. I use Mcafee anivirus software. Last week I noticed I could not update my McAfee. Actually I can not access any McAfee website. Something is blocking it. I removed it and loaded Quest Windows One Care. I found a Trogan Dropper: Win32/Alurean.J. One care will not remove it. I have scanned 4 times. It keeps popping up. I have since downloaded seceral free AV programs: AVG, Avast, and now ThreatFire. Avast called it a TR/TDssAT.518 Trojan, but didn't remove it. ThreatFire didn't remove it, but it limits the constant annoying popups by running quaranteen in background. Unfortunately I removed all but the most recent restore points just before I realized the Trojan.
Any ideas what I can do to remove this Trojan

Discussion is locked
You are posting a reply to: Trogan problem
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Trogan problem
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Please Try This...
by Grif Thomas Forum moderator / January 27, 2009 1:56 PM PST
In reply to: Trogan problem

Look for the file below and if there...:

C:/Windows/system32/wdmaud.sys

Delete it (or move/rename) and Reboot.
_____________

Next,
1.Click on the Start button, select "Run", then type "devmgmt.msc" in the blank area, without the quotes, then click on OK.
2. Once in Device Manager, click "View" in the upper left, select "show hidden devices/drivers".
3. Then click on "non plug and play drivers/devices", and find TDssserv.sys
4. If it's there, right click it, then select disable, then restart the computer.
5. then check if the problem still persists. good luck!


____________

And finally, to make sure other trojans aren't on the computer:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/dat...mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.
____________________

Hope this helps.

Grif

Collapse -
Trojan
by M/D / January 29, 2009 11:14 AM PST
In reply to: Please Try This...

Grif:
Thanks for the ideas. This was a really tough trojan. I not only had to rename the malware.exe download program, but I had to open the main program file and rename the actual application as well. Found 33 trojans. I ran superspyware and have found over 100 infections including the trojan downloader.
Thanks again
M/D

Collapse -
(NT) Be Sure To Run Both Tools Till Nothing Is Found..
by Grif Thomas Forum moderator / January 29, 2009 11:18 AM PST
In reply to: Trojan

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!