Hope I am doing this right and that someone can help me. (Windows XP Media Center 2002)
I am trying to remove a virus:
(C:\WINDOWS\system32\drivers\TDSSserv.sys)
(HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv)
As per what I read on the forums, I should use SDfix in Safe Mode to remove the virus.
My problem is the following: When I tap F8 and then select safe mode, the screen shows all the drivers loading and then it brings me back to the safe mode options. Whether I try safe mode in network or safe mode in command prompt it's all the same.
I tried running msconfig from run and the error message says it can not find msconfig.
I went in the binaries file and found msconfig.exe and tried to start in safe mode from there and when I booted up I was caught in a booting loop. Had to use Winternal Commander to restore so I could get back in.
Hope someone can help.
Thank you
I personally have never used SDFix but this is a step by step on how to. Thanks to a friend at bleepingcomputer.
If, however, this doesn't work, I do have an alternate method of removal for you.
Please reply and I'll post it if this doesn't fix your problem
How to use SDFix
Credits: AndyManchesta for SDFix
What this program does:
SDFix is a program written by AndyManchesta that can remove many different types of Trojans and Worms. You have most likely reached this page when researching a program in our Startup Database and it directed you here to learn how to remove it. If you follow the instructions below, SDFix will remove the known Trojans and Worms found on your computer. For a complete list of Trojans and Worms that SDFix knows how to remove you should read the SDFix Changelog. It is important to note that you must be logged in as an Administrator and in safe mode in order for SDFix to work properly.
Common problems/messages and how to fix them:
Error Message:
The command prompt has been disabled by your administrator.
Press any key to continue . . .
How to fix:
Click on the Start menu, then Run, and then copy and paste the following line into the Run field:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press OK then run SDFix again
Problem:
If the Command Prompt window flashes on then off again on XP or Windows 2000
How to fix:
Click on the Start menu, then Run, and then copy and paste the following line into the Run field:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Then click OK, then type Y and press Enter when prompted, Reboot and start SDFix again
Problem:
If SDFix still doesn't run check the %comspec% variable
How to fix:
Click on the Start button then right-click on My Computer and select properties. Then click on the Advanced tab and then click on the Environment Variables. Under System Variables, make sure that the ComSpec variable points to %SystemRoot%\system32\cmd.exe
Problem:
Need to restore your registry after running SDFix
How to fix:
SDFix uses ERUNT to create a registry backup. This backup can be restored by clicking on Start, then Run and typing:
%SystemRoot%\ERUNT\SDFix\ERDNT.EXE
Then press the OK button.
Tools needed for this fix:
SDFix
Revision History:
02/15/08 - Created the guide
--------------------------------------------------------------------------------
SDFix Instructions:
Please print these instructions as they will be needed later when Internet access is not available.
Log on to your computer with an account that has Administrator privileges.
Download SDFix.exe from the following link and save it to your desktop:
SDFix Download Link
Confirm that the file SDFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:
Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
A window will open asking where you would like to install SDFix to.
Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but instead continue to the next step where you will reboot into safe mode.
Next, please reboot your computer into Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When you are at the logon prompt, log in as the same user that you had performed the previous steps as.
When your computer has started in safe mode, and you see the desktop, close all open windows.
Click on the Start button, click on the Run menu option, and type the following into the Open: field:
C:\SDFix\RunThis.bat
Then press the OK button.
The SDFix window will open, as shown below, containing some brief info and a disclaimer on the use of the tool.
If you want to continue, please press the Y key on your keyboard and then press enter. Otherwise, you can press the N key to exit the program.
SDFix will now start scanning your computer for known infections as seen in the image below.
This process can take a while, so you may want to do something else and periodically check back on the status of SDFix. As the scanning process continues you will continue to see new messages on the screen as shown in the figure below.
When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.
At this point you should press any key on your computer's keyboard in order to restart the computer.
When your computer reboots, you will be presented with a screen stating that SDFix has finished.
At this point you should press any key on your computer's keyboard in order to continue to your desktop.
When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad.
Review the log as necessary to see what was removed and then close the Notepad window.
Now that SDFix has finished running, any Worms or Trojans that it knows how to remove should have been deleted from your computer.
If after attempting these instructions you still have an infection, then it is advised that you post your HijackThis log so one of our experts can help you remove it. Instructions on how to post a HijackThis log can be found here:
Preparation Guide For Use Before Posting A Hijackthis Log
--------------------------------------------------------------------------------
This is a self-help guide. Use at your own risk
Hi Lightning Hawk,
My problem is not with SDfix. I need to be able to boot in safe mode to be able to use it. I can't boot into safe mode. I need to fix that problem before I can use SDfix to remove the virus. Maybe I am explaining wrong.
Thanks for working on it and if you need any logs I can provide.
Try these safe mode boot fixes. Sorry about the misunderstanding.
1. The SafeBootKeyRepair tools of SuBs:
ComboFix not installed: Version 1 (288,070 bytes):
http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe
ComboFix installed: Version 2: (61,694 bytes)
http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair-CF.exe
Quote:
Download & run this tool > SafeBootKeyRepair It shall only take a short moment for it to finish running.
A log shall be produced at C:\SafeBoot_Repair.txt.
Posting on our forum: make us see the C:\SafeBoot_Repair.txt
2. The SafeBootKeyRepair tool of ElPiedra:
Quote:
Download the SafeMode Repair.zip,
unzip it to your desktop
Double-click onto it to run it
Click ok > restart your system into Normal Mode.
Hi LightningHawk,
The first 2 links don't work, or at least they don't work for me. I have combofix already on my desktop.
I followed the instructions for the Safe Mode Repair and when I run it I get the following message: "Are you sure you want to add the information in C:\Documents and Settings\user\Desktop\SafemodeRepair\SafemodeRepair.reg to the registry?"
I went with yes but I can't find any report.
Can you advise?
Thanks
Try to boot into safe mode now. It should have made the needed changes to the registry
Thanks Lightning Hawk,
Got it to boot on Safe Mode, ran SDFix, scanned with Trojan Remover and "No Virus Found"
Thanks for all your help.
Glad I could help.