  #1  
Old 2nd Oct 2008, 02:47
New Member Group
 
Earlier today when I tried to run AVG update, it apparently couldn't connect to the server. So I opened Firefox to check if the site was down, and apparently it was. Or so I thought. Because, guess what, according to my computer, EVERY antivirus site is down. Norman, Norton, all the smaller freeware sites. So I run a virus scan in AVG. Illegal operation. And there goes AVG. Then my security center kindly informs me that my firewall is down. I turn it back on, then exit. And within 2 seconds, it's down again.

So now I'm stuck with a virus that defends itself better than any other virus I've seen. It hasn't actually done any harm yet, but that's a matter of time I guess. Is this a known virus? And if so, any way to get rid of it? Or do I have to scour the web for obscure antivirus software that the virus may not be blocking and hope that they can get the work done?

Formatting the PC is not an option, by the way. At least not yet.

Help sorely needed!
  #2  
Old 2nd Oct 2008, 03:20
Administrator Group
 
http://www.computer-juice.com/forums...-posting-7476/
  #3  
Old 2nd Oct 2008, 03:35
New Member Group
 
Haha, it's not that easy. The virus blocks all those sites, remember?

I figured it out myself though after reading a few things on different forums and stuff. Turns out the only way to get rid of it was to go to the device manager and get rid of a malicious device called tdds-something. Then I could trash a whole heap of virus files in system32. This is apparently a very recent virus that can't be stopped by any antivirus software. The way I discovered the solution was that I noticed that when I tried to access a virus-blocked site, for a second it redirected to something called "cleartask" or something. I googled that, and whoa, tons of people have the same problem. Then I found someone who knew a bit about this thing, and the rest is history.
  #4  
Old 2nd Oct 2008, 08:26
Moderator Group
 
I've been seeing a lot of this lately. The TDSSERV rootkit.

Please print these instructions as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/149534018/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights.
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt.

  #5  
Old 30th Dec 2008, 18:01
Moderator Group
 
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Copyright ©2006 - 2009 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.