• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 04:46
CEST 10:46
KST 17:46
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 2914Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
Reynor: GSL Loss Wasn't About Preparation Format12[IPSL] Spring 2026 Grand Finals - This Weekend!1Weekly Cups (July 6 - 12): Protoss strike back12BSL Season 22 Full Overview & Conclusion8BSL Season 22 Full Overview & Conclusion8
StarCraft 2
General
Is the larve respawn broken? Weekly Cups (July 6 - 12): Protoss strike back Serral wins HomeStory Cup 29 Yamato Cup Series Interview with an American 16 Year Old Grandmaster
Tourneys
WardiTV Summer Cup 2026 GSL CK #5 Race War RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
BGH Auto Balance -> http://bghmmr.eu/ Etiquete rules in Asl? Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) screpdb: new Starcraft reporting tool ASL 22 Proposed Map Pool
Tourneys
Escore Tournament - Season 3 [Megathread] Daily Proleagues [ASL22] Wildcard Qualifier [IPSL] Spring 2026 Grand Finals - This Weekend!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
Path of Exile Nintendo Switch Thread General RTS Discussion Thread Stormgate/Frost Giant Megathread Summer Games Done Quick 2026!
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
TL Mafia Power Rank NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread [Req][Books] Good Fantasy/SciFi books Movie Discussion! Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
Northern Ireland Global Starcraft The Automated Ban List
Blogs
Poker (part 2)
Nebuchad
The Experiences We Want and …
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 11734 users

[H]Huge BackDoor Trojan Problem - Page 2

Blogs > Mickey
Post a Reply
Prev 1 2 All
qrs
Profile Blog Joined December 2007
United States3637 Posts
June 18 2009 07:34 GMT
#21
On June 18 2009 16:07 MamiyaOtaru wrote:
Hope you're not part of a botnet.

Maybe after taking control of the computer, the virus logs on to various internet forums and asks seemingly innocent questions about getting rid of itself, in order to find out what the state of the art in anti-virus technology is. How can we know that it is really Mickey posting? AAAGGHHH!!
'As per the American Heart Association, the beat of the Bee Gees song "Stayin' Alive" provides an ideal rhythm in terms of beats per minute to use for hands-only CPR. One can also hum Queen's "Another One Bites The Dust".' —Wikipedia
evanthebouncy!
Profile Blog Joined June 2006
United States12796 Posts
June 18 2009 07:44 GMT
#22
On June 18 2009 14:56 Mickey wrote:
Show nested quote +
On June 18 2009 14:32 ZoW wrote:
Have you tried combofix?

I'm not really knowledgeable on this software. I've read it in the threads, but I also found out that it can do some damage to your OS if not used properly.

Would you care to explain how it works?
Show nested quote +
On June 18 2009 14:38 travis wrote:
Try downloading "trojan defense suite"

u can get a trial of the newest version for free, probably

here

http://tucows.menanet.net/preview/195501.html

Thanks will do although this seems really old.
Show nested quote +
On June 18 2009 14:53 Grobyc wrote:
Stop downloading so much porn?

I don't download porn I'm smarter than that. I stream it on Redtube with adblocker making that window look clean.

Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

I knew it looked shady. Chains of Love by Erasure is now my least favorite song ever.

btw pornhub is much better than redtube, think of it as TL vs GG.net
Life is run, it is dance, it is fast, passionate and BAM!, you dance and sing and booze while you can for now is the time and time is mine. Smile and laugh when still can for now is the time and soon you die!
nttea
Profile Blog Joined July 2008
Sweden4353 Posts
June 18 2009 08:08 GMT
#23
you have to surrender, format C: lose the battle but hope that you will win the war.
NoNones
Profile Joined June 2009
41 Posts
Last Edited: 2009-06-18 08:46:29
June 18 2009 08:43 GMT
#24
On June 18 2009 14:31 Mickey wrote:
Show nested quote +
On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!

Then you should know that you can never trust that computer again as long as it's not been reformated or shadow coped to a earlier state that known to be secure and done though a separate boot one that is not safe mode ie a linux boot. Shit now of days you need a full security suite once one shit is compromised you can't trust any programs you use or install after the infection even if you believe it's been properly cleaned.

Try to see if you can get G-Data on that and run a scan on their linux boot.

Reformaing is the safest period. You already lost when the infection became noticeable I've used router firewall+hosts file for more then 8 years in that time only 2 times i had an infection. Because i don't install open or even look at strange shit and go to strange websites. l2internet.
StorrZerg
Profile Blog Joined February 2008
United States13921 Posts
June 18 2009 12:03 GMT
#25
On June 18 2009 16:34 Etherone wrote:
TL > tech forums

well for further reference i would love to know how you got rid of it.



so true lol
Hwaseung Oz fan for life. Swing out, always swing out.
inReacH
Profile Blog Joined August 2008
Sweden1612 Posts
June 18 2009 12:57 GMT
#26
On June 18 2009 14:31 Mickey wrote:
Show nested quote +
On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!


Learn how to reformat then.. I reformat over 4 times/year and it takes be about 3 hours to get EVERYTHING reinstalled and my comp completely back to the way it was but running like it's brand new.

Obviously you need a slave drive to be able to do this but holy shit is it worth it
Shauni
Profile Blog Joined July 2004
4077 Posts
June 18 2009 13:14 GMT
#27
It's pretty much impossible to get a virus from an mp3 file.
I'm taking whatever coverage I can get, because frankly, I'm busy working on this million dollar deal at my job. Early retirement is a good thing brotha man. - MessengerASL
Mickey
Profile Blog Joined July 2005
United States2606 Posts
June 18 2009 13:18 GMT
#28
On June 18 2009 16:07 MamiyaOtaru wrote:
Show nested quote +
On June 18 2009 14:56 Mickey wrote:
Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

Hahaha are you serious? Your choices are a music file and a warezed app suite containing presumably at least one executable, and you suspect the music file??

Admit defeat. Reformat. Once you've been back doored you can never be sure it is gone. That's the nature of rootkits. And next time don't download warez antivirus apps. Wasn't your brother "doing dumb shit" this time.

I mean, it's cool if it seems like Trojan Defense Suite worked, but all the programs you tried previously either couldn't detect or remove something. You can't be %100 sure that TDS got everything, that there isn't something there it couldn't find. I mean if there are no symptoms continue merrily on your way or whatever. Hope you're not part of a botnet.

I don't download from Warez sites. I'm not an idiot, and neither do I have the bandwith/rapidshare account to do so.

I downloaded a MP3 using frostwire. The MP3 didn't have any seeminly weird details. The size seeemed correct, and I guess I made the mistake of downloading a higher bitrate song that had no downloads before that.

Also, I still don't know how I got the virus. I just estimated those two. Yeah, I have to be smart I guess.

Today I'm staying up all night using every program I can to try to win. If I can't I'll admit defeat and reformat.

Are there any precautions I should do? My gf let me use a external hardrive. I'll basically put my music collection, some videos, and some important text files. Everything else I can reinstall easily. Most of my games are from steam, etc... Should I copy files in safe mode to make sure nothing could infect the external hardrive?
anderoo
Profile Blog Joined March 2008
Canada1876 Posts
June 18 2009 15:32 GMT
#29
title was extremely misleading
Mickey
Profile Blog Joined July 2005
United States2606 Posts
June 18 2009 15:38 GMT
#30
Experts Please respond via comment/pm
Can these removers be trusted?
Remove Zlob
Agent Akk
Also I found this guide which seems mildly legit.
+ Show Spoiler +
Do the following to remove trojan TDSSserv (trojan Backdoor.Tidserv).

PART I: TDss RootKit removal

Step 1: Disable TDSSserv trojan driver.
# Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
# Click Properties.
# Click Hardware Tab.
# Click Device Manager.
# In the top menu, click View and click Show Hidden Drivers.
# Scroll down to non Plug and Play drivers.
# Click + at left.
# In the list of drivers right click UACd.sys. (If you do not find this, then skip to Step 2)
# Click Disable.
# Click YES for confirm.
# Close all windows and reboot your computer.

Step 2: Remove TDSSserv Registry Keys
# Download RegASSASSIN from here. Save to your Desktop
# Run RegASSASSIN
# Click "I Agree"
# Copy & Paste the following RegKey to be deleted:
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC
If you receive the error message "The registry key you have specified does not exist or is not visible to regassasin. This may be caused by a set permission that does not allow regassasin to see it, would you like to continue?" Click "Yes" to continue.
# Close all windows and reboot your computer.

PART II: TDss RootKit removal

Step 3: Delete TDSSserv trojan driver.
# Download Avenger from here and unzip to your desktop.
# Run Avenger, copy & paste the following text in Input script Box:
Code:
Drivers to delete:
UACd.sys

Then click "Execute".
# You will be asked, "Are you sure you want to execute the current script?". Click Yes.
# You will now be asked First step completed - The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
# Your PC will now reboot

Step 4: Running ComboFix

Download to your Desktop
- ComboFix by sUBs from >> Geeks2Go <<

Save as AvoidTDSS.exe during the download. ComboFix must be renamed before you download to your Desktop

Close ALL windows

Double click AvoidTDSS.exe follow the prompts

When finished, the program will produce a log

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Step 4: Getting Logs
Post the following logs:
# ComboFix
# ISeeYouXP
SoulMarine
Profile Blog Joined January 2009
United States586 Posts
June 18 2009 15:52 GMT
#31
someone got confickerroll'd
베이비 폭스 WeMade 파이팅! ~ WeMade 팬 ~ BaBy 팬 ~ щ(゚Д゚щ) Gee Gee Gee Gee BaBy BaBy BaBy ♫♫
Kletus
Profile Blog Joined March 2008
Canada580 Posts
June 18 2009 16:15 GMT
#32
If it is something so persistant as a rootkit, I wouldn't trust that computer until a format was performed.

Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x.
Your resistance only serves to make my carapace harder.
Mickey
Profile Blog Joined July 2005
United States2606 Posts
June 18 2009 16:44 GMT
#33
On June 19 2009 01:15 Kletus wrote:
If it is something so persistant as a rootkit, I wouldn't trust that computer until a format was performed.

Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x.

If I was going to reformat. How could I make sure files that I would be transferring from my hardrive to an external hardrive would be safe from infection? Scan the external hardrive after/transfer during safe mode?
Chef
Profile Blog Joined August 2005
10810 Posts
June 18 2009 16:56 GMT
#34
On June 19 2009 01:44 Mickey wrote:
Show nested quote +
On June 19 2009 01:15 Kletus wrote:
If it is something so persistant as a rootkit, I wouldn't trust that computer until a format was performed.

Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x.

If I was going to reformat. How could I make sure files that I would be transferring from my hardrive to an external hardrive would be safe from infection? Scan the external hardrive after/transfer during safe mode?

Next time you'd make backups of the files that are important to you.

PS: Flash apps and things have vulnerabilities too that can cause your PC to be infected. Just streaming porn isn't going to save you from viruses Try investing in NoScript and find out what sites you can really trust.
LEGEND!! LEGEND!!
0xDEADBEEF
Profile Joined September 2007
Germany1235 Posts
Last Edited: 2009-06-18 17:36:21
June 18 2009 17:34 GMT
#35
On June 18 2009 14:31 Mickey wrote:
Show nested quote +
On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!


You aren't knowledgeable enough about it if you want to avoid reformatting when you're infected, because this is the best (safest) solution. If you want to be sure that your system is clean, there is no other way.
Virus scanners etc. should be used to detect viruses *before* you execute them (and then *avoid* executing them), before it's too late.

And you should never let someone else fuck up your comp. Make an account with a minimum amount of privileges for your brother.
Kletus
Profile Blog Joined March 2008
Canada580 Posts
Last Edited: 2009-06-18 18:05:44
June 18 2009 17:38 GMT
#36
On June 19 2009 01:44 Mickey wrote:
Show nested quote +
On June 19 2009 01:15 Kletus wrote:
If it is something so persistant as a rootkit, I wouldn't trust that computer until a format was performed.

Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x.

If I was going to reformat. How could I make sure files that I would be transferring from my hardrive to an external hardrive would be safe from infection? Scan the external hardrive after/transfer during safe mode?


Yes you can just scan the external.

I have the same attitude as you towards formatting, it doesn't help that I'm an IT student so when shit hits the fan I don't mind going into the registry and a) Messing it up more or b) Somehow miraculously fixing everything. The best defense against malicious code/packets/whatever you wanna call it, is to prevent them from getting in in the first place; once it is in, your system has been compromised. Period. This can be done with a hardware/software firewall or 3rd party antivirus software stuff. I use Spybot and so far I've had no problems. I USED to use antivir but it wouldnt get rid of a peice of adware that was pissing me off.

Now I also know that you've used spybot and it isn't helping. Maybe it's a new virus that has no definition yet.
Your resistance only serves to make my carapace harder.
Prev 1 2 All
Please log in or register to reply.
Live Events Refresh
Next event in 14m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
OGKoka 69
StarCraft: Brood War
actioN 151
Killer 87
ToSsGirL 41
sorry 36
ZergMaN 32
Sharp 24
Bale 18
Dota 2
Fuzer 104
League of Legends
Doublelift579
JimRising 502
Other Games
summit1g3703
ceh91468
crisheroes198
XaKoH 167
Organizations
Other Games
gamesdonequick2307
BasetradeTV151
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 14 non-featured ]
StarCraft 2
• CranKy Ducklings SOOP4
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Dota 2
• lizZardDota2146
League of Legends
• Jankos771
• Stunt462
Upcoming Events
Replay Cast
14m
CranKy Ducklings3
CrankTV Team League
2h 14m
Replay Cast
1d
CrankTV Team League
1d 2h
Replay Cast
1d 15h
RSL Revival
2 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
2 days
IPSL
2 days
Dragon vs Hawk
RSL Revival
3 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
3 days
[ Show More ]
IPSL
3 days
Bonyth vs Ret
WardiTV Weekly
4 days
Monday Night Weeklies
4 days
PiGosaur Cup
5 days
The PondCast
6 days
Liquipedia Results

Completed

Proleague 2026-07-13
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
KCM Race Survival 2026 Season 3
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
Stake Ranked Episode 3
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.