Loading Profile...
Can't get trojan off my system
When I run Viper scan it picks up the following Trojan.Win32.Tdss.ror each time. I delete it from the system, but it always appears each time I run Viper. When I attempt to you Explore or Monzilla to search the web, I get redirected to strange websites. I welcome any suggestions to solve this problem. Also I have tried to open the computer in safemode, but when I push the F8 key during start up, I get an alarm sounding and the system proceeds to open windows. I don't know if this is part of the same problem or separate. Also at one point viper showed their were 25 of the trojan items, but at the end of the scan, instead of quarrantine the action taken would say canceled.
I’m frustrated
2
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Henry, Thank you for posting your question.
Since your having trouble getting into windows safe mode you can try and use our Vipre Rescue to boot off a USB drive and scan the machine.
You can find the download link, and instructions on how to use Vipre Rescue on http://live.sunbeltsoftware.com/
If you have any questions or it is still not being removed please let us know.
Thanks,
Peter1 Comment
Add a comment
This solves the problem
-
I'm not having a problem running Vipre, but, it keeps finding this trojan. I'm looking at the most recent scan result (I've scanned 5 or 6 times in a row tonight), and Vipre is telling me that the "Clean Action Taken" was cancelled. There were 8 traces found. This is on a restaurant POS computer and I'm trying to avoid formatting and re-installing the OS. I don't know what this trojan's purpose is and I'm fearful for this restaurant's customers credit card info. -
Inappropriate?OldCinco, thank you for contacting Sunbelt Software.
First, please make sure VIPRE's definitions are completely up to date. Once everything is up to date I'd suggest running a deep scan of the system in safe mode.
To get into safe mode you'll need to restart the computer. As the computer is starting up keep tapping the F8 key until a menu comes up. Choose the "safe mode" option. Once Windows starts up in safe mode run a deep scan with VIPRE. Is VIPRE able to remove the threat in safe mode?2 Comments Add a comment
This solves the problem
-
I have all done that. I've used Vipre Rescue, run Vipre from Safe Mode, run Vipre at boot time. It continues to report the trojan. The computer does not run properly and I'm afraid that I will have to format and reinstall the OS. I haven't been able to find a more techie method of getting rid of this nuisance.
-
OldCinco, please contact us directly at support@sunbeltsoftware.com so that we can get some log information from you in order to help us remove the threat from your machine.
If you have any other questions please let us know.
Thanks,
Peter -
Inappropriate?i have a Trojan worm or virus that migrates, Ive watched it using process guard, yet not a single anti virus has been able to detect it or lock it down. except a2 square, it detected something but was unable to remove it completely, it has infected my services exe file, and uses it to shut down other programs including my mcafee anti virus and has tried to modify files, so i used process guard to prevent it from modifying files, it still makes the attempt to shut down files at random, i saw this program migrate, from a program that i knew was infected, the moment i uninstalled it, it tried to modify several system files and other exe files as well trying to migrate to a new location, it managed to infect or manipulate my services.exe file. mcafee will not detect it. im using process guard to lock it down and keep it from spreading. it migrated over from a different pc, not sure how.but they where connected through LAN. even though Ive used my thumb drive on more trhan one pc it has not seem to infect my friends pc. my thumb drive when scanned appears clean. but then with it being locked down by process guard, might have so far stooped it. and im not moving exe files from an infected pc to one that has so far shown clean. as well, that might have been how it migrated the first time. im not making that same mistake again if possible.. -
Inappropriate?Hello Clarence, Thank you for posting.
Have you tried to run A scan with Vipre yet to see if it detects it?
If you are able to isolate and copy the file causing the infection you can submit it at the following link so our researchers can work on adding it to the definitions.
http://www.sunbeltsecurity.com/Submit...
Please let us know if you have any questions.
Thanks,
Peter -
Inappropriate?i had a simlar problem, i ran the vipre rescue on my smaller compaq, unpacked it in safe mode it removed about 4 to 6 trojans, there was one that it coldnt get off and needed to reboot, i think it was the win 32 alman virus, im wondering if the virus is able to run in safe mode. as when i rebooted, avast updated then cought the file on viprerescuescan.exe if thats how its spelled, i suspect that when i put the thumb drive in the machine then rebooted it must have infected the extraction file and infected the new file upon extraction so that i can run the virus scanner that or the virus mabe capable of runing in safe mode. apparently when vipre rescue cleaned off the trojans it removed the blinders on avast that kept it from seeing the w32:alman.a virus, then avast found a bunch of my files that where on my thumb drive that where infected with that virus, including my network drivers and printer drivers that where transfered between the machines. when i looked up the virus name on the web, i came up with this entry on kasper sky,
http://www.viruslist.com/en/viruses/e...
it gives instructions on how to remove it. i cant seem to clean the files, it wont remove the infection, ill send a copy back to vipre of the infected files for analisys, so far i have not found the virus though that is infecting my larger compaque yet eather, it might also have the alman.a virus, which hasnt been detected yet, as the same infected driver file was transfered to the other machine when i had used a driver i had downloaded on both pcs. which tonight i found out is infected with a trace of the alman.a virus, however there seems to be a more sinister virus on my larger compaq because, it uses service.exe to shut down files at random. it tried to modify files as well but i used process guard to disable that, to a degree, now somehow it must have goten around it, as it shut down both mcaffe and vipre and modified them both. right now vipre is runing but disabled, and will not launch. comes up with some kind of error. when i click on the shield, its in the red state at the moment, later it will come back up and run again, then i have to click allow for process guard to let it run again, and process guard is showing that vipre has been modified. eather theres some kind of worm runing rampid or some hacker is messing with this pc.by remote. whats anoyhing is whatever this is, it shuts things down kills the process randomly, weather its mcaffe, or yahoo, ie or firefox, and it fills up the memory so i cant run some programs., quite anoying, i hope the link i found about the alman.a virus is helpfull to everyone.
I’m frustrated
-
Inappropriate?Clarence, Please contact us directly at support@sunbeltsoftware.com so that we can get the log information we need to ensure its completely removed from your system.
Please let us know if you have any questions.
Thanks,
Peter -
Inappropriate?Hi, I've found that 2 versions of VipreRescueScanner (5106 and 5107) were infected by Alman virus (http://www.virustotal.com/fr/analisis...).
I've managed to remove it by using ComboFix then DrWeb in LiveCD mode (UBCD4WIN).
