Hello y'all, newb here with first post.
Down to business;
Windows XP Home SP3
Avira AntiVir personal scan file:
Avira AntiVir Personal
Report file date: Sunday, May 31, 2009 09:45
Scanning for 1441077 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: chaka
Computer name: HOME
Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 5/15/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 20:44:00
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 5/29/2009 20:46:43
ANTIVIR3.VDF : 7.1.4.40 11264 Bytes 5/30/2009 20:46:44
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/30/2009 20:48:46
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/30/2009 20:48:42
AESCN.DLL : 8.1.2.3 127347 Bytes 5/30/2009 20:48:34
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/30/2009 20:48:29
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 5/30/2009 20:48:13
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/30/2009 20:48:08
AEHELP.DLL : 8.1.2.2 119158 Bytes 5/30/2009 20:47:13
AEGEN.DLL : 8.1.1.44 348532 Bytes 5/30/2009 20:47:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.12 180599 Bytes 5/30/2009 20:46:58
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 5/30/2009 20:46:48
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Sunday, May 31, 2009 09:45
Starting search for hidden objects.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090531-094504-7F1BF2A5\AVSCAN-00000005.dll
[INFO] The file is not visible.
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090531-094504-7F1BF2A5\AVSCAN-00000005.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090531-094504-7F1BF2A5\AVSCAN-0000000A.sys
[INFO] The file is not visible.
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090531-094504-7F1BF2A5\AVSCAN-0000000A.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\AVSCAN-20090531-094623-9003C82F.avp'.
c:\windows\system32\tdsscfub.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
c:\windows\system32\drivers\tdsspaxt.sys
[DETECTION]
[NOTE] The file was deleted!
c:\windows\system32\tdssfpmp.dll
[INFO] The file is not visible.
c:\windows\system32\tdssnrsr.dll
[INFO] The file is not visible.
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[INFO] No SpecVir entry was found!
c:\windows\system32\tdssoeqh.dll
[DETECTION]
[INFO] No SpecVir entry was found!
c:\windows\system32\tdssosvn.dat
[INFO] The file is not visible.
c:\windows\system32\tdssrhym.log
[INFO] The file is not visible.
c:\windows\system32\tdssriqp.dll
[INFO] The file is not visible.
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[INFO] No SpecVir entry was found!
c:\windows\system32\tdsstkdv.log
[INFO] The file is not visible.
c:\documents and settings\chaka\local settings\temp\tdss8d6f.tmp
[INFO] The file is not visible (shell).
[DETECTION] Is the TR/Patched.CL Trojan
[INFO] No SpecVir entry was found!
End of the scan: Sunday, May 31, 2009 09:46
Used time: 01:23 Minute(s)
The scan has been done completely.
0 Scanning directories
10 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes
51894 Objects were scanned with rootkit scan
15 Hidden objects were found
The issue I am having is ANY web browser I use (Firefox 3.0.10, IE 8, or Opera) will not let me connect to ANY anti malware sites.
I get a 'could not connect to.....' prompt.
I had AVG, but trojan would not let me update definitions.
I have a MaxPC CD with Superantispyware and Malwarebytes, but cannot install them; it says the files are corrupt (only these 2, of course!).
ALL Google inquiries are redirected to malware sites or Apartmentfinder on all browsers.
I deleted and/or quarantined them through the antivirus, but they come back upon reboot.
I suspect AV is compromised.
I am at wit's end and out of options except format, but do not have the XP CD, so this is my only hope!