View Poll Results: how much helpful to you?

  • yes helped a lot

    4 80.00%
  • some what.... log is ok then what to do?

    1 20.00%

IF you are under attack---what to do??

  1. #1


    * DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk.

    * It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.


    How Soon Can I Expect Help?


    Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

    If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours have passed. We try to work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up. When looking for threads to respond to, we look for threads with 0 replies or 1 reply. If you bump, or add a post prior to the 72 hrs, your thread is highly likely to be overlooked by our queuing methods.

    Additionally, do not bump more than once. If you do, it may appear as though the thread is being handled, and it may be overlooked. Early bump posts will be deleted.

    NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.

    Also be advised:

    It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again. To this end, we provide links to articles and tools which should make your visit to the Virus/Trojan/Spyware Help section of TSF a one time event. Please do enjoy the rest of Tech Support Forum as many times as you like!


    Change Your Login and Passwords to Financial Sites


    Many infections that the commercial scanners are failing to remove are the type of infections that allow hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all login and passwords where applicable. It would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.

    Do not change passwords or do any transactions from the infected computer until it has been cleaned.


    Preparing for the Malware Removal Process


    While we try our hardest to avoid them, accidents do happen. With today's malware being as it is, neither Tech Support Forum nor the Analyst providing the advice may be held responsible for any loss of your data. You're following the instructions given at your own risk. We recommend that you back up any data that’s important to you beforehand, just in case the worst happens.

    1. As a general rule, to offset any unexpected mishaps, your personal data should be backed up regularly. If you do not already have a process in place that backs up your data, it is highly recommended you do this now. Click here for guidelines on what to back up and how to do it.

    2. If you suspect the machine to have cracked (illegal) software installed, click here.

    3. Uninstall the following via Add or Remove Programs in Control Panel:

    * If you have more than one antivirus software installed, leave only ONE and uninstall the others.

    * p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link


    Downloads and Reports Required:


    Before scanning, ensure all other running programs are closed. Do not use your computer for anything else during the scan.

    Also, ensure there aren't any scheduled antivirus scans running while the dds scan is being performed.

    *Note - Some antivirus programs falsely detect dds.scr as a threat.


    Download DDS and save it to your desktop from here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop.


    Download GMER Rootkit Scanner from here or here.

    * Extract the contents of the zipped file to desktop.
    * Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    * If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO, then use the following settings for a more complete scan.

    * In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    o Sections
    o IAT/EAT
    o Drives/Partition other than Systemdrive (typically C:\)
    o Show All (don't miss this one)
    * Then click the Scan button & wait for it to finish.
    * Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    * Save it where you can easily find it, such as your desktop

    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    How the logs should be furnished:

    Copy/Paste the contents of 'DDS.txt' to be posted as text to your post
    The other two logs ...

    * attach.txt
    * ark.txt

    ... should be zipped/archived before attaching to the post

    When posting your reply, the zipped file may be attached by clicking the [Manage Attachments] button.
    It's located under [Additional Options] on the composition page.
    Browse to where you saved the file, and click Upload.


    When posting the logs please observe the following


    * Describe your issue/problem in DETAIL! We cannot second guess as to what your issue(s) may be. Please provide as much detail as possible, including virus/trojan/worm names and locations if available. The more information you can give us the better we can help.

    * Only Attach the logs that we've specifically requested for you to. (Otherwise post it as text in the Reply box).
    * DO NOT Wrap the log using Quote or Code tags. (DO make sure notepad word-wrap is OFF)
    * DO NOT Post another Program’s log (Unless we specifically ask for it)
    * DO NOT Cut off the header of any log (It contains important information for the Analyst)
    * DO NOT Private Message the Analyst unless asked to do so.
    * DO NOT post live suspicious links. We do appreciate that you want to give as much information as possible, but the links need to be munged. Alter the links to use hxxp:// instead of http://

    Last edited by Admin; 2nd October 2009 at 04:18 PM.

  2. #2
    meetdilip (The Wizard)
    Join Date
    Aug 2009


    What is this ?

  3. #3


    Quote Originally Posted by meetdilip:
    What is this ?

    simple TIPS for malware removal...

    Don't you know??

    here all sumo admin and others involved in politics against new comers so better post that log in other forums....

    admin is modifying this post again and again,i request admin to leave a note over here....

    so that every one can know that why you are modifying it...
    Is my suggestion wrong, admin???

    you have the power so go and BAN me if i am suggesting any wrong guideline to forum user
    Last edited by csayantan; 2nd October 2009 at 07:04 PM. Reason: Automerged Doublepost

  4. #4
    Bronze Member
    Join Date
    Oct 2009


    i already know this, this is what you won't learn in one time because u will learn it slowly, one by one.......

  5. #5
    Bronze Member
    Join Date
    Sep 2008


    or just install
    1. eset smart security
    2. spybot search n destroy
    n keep dere real time protection on all the time
    .....Only The Dead Have Seen The End Of War.....

  6. #6
    Junior Member
    Join Date
    Sep 2009


    Malware nowadays is a real pain in the ass. And what's worse, the ones who seem to be creating it are also the ones who are making anti-malware programs in the world! Damn...

  7. #7
    imrock (The Master)
    Join Date
    Sep 2008


    for me if u r under attack then -

    Defend Urself

  8. #8
    Platinum Member
    Join Date
    Nov 2009


    Too lazy to read all..............
    To be safe ....use an updated antivirus before anything can happen.
