TDSS.aru Problem Even with other suggestions

[canes1711]

I read over on another thread about how to fix this, but it keeps blocking the programs from downloading. I tried renaming them, but it didn't work. What do I do now?

[maynardvdm]

Hi

 

Firstly press Alt + Ctrl + Delete to bring up the task manager

Look under processes and select TDSS.aru and click on End Process

Now try to download.

 

If not try downloading in Safe Mode

 

Start your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
  
• Wait 30 seconds, and then turn the computer on.
  
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. If F8 doesn't work try F5.
  
• Ensure that the Safe Mode with Networking option is selected.
  
• Press Enter. The computer then begins to start in Safe mode.
  
• Log on with an account that has administrator priviledges, usually your own account (NOT the account named Administrator).
  

[maynardvdm]

Hi

 

If you managed to get into safe mode, here is the malware removal process:

 

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark C:\Fixed Drive.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[canes1711]

Still not working

 

It still isn't working. I did the ATF Cleaner, but I still can't get the SUPER Spyware to work. And the cleaner did something weird so that ESPN and other websites don't show up like normal.

[Match]

Hi Canes.

 

you have to download in safe mode and then run the programs in normal widows is this what you are trying to do?

 

or are you trying to run them in safe mode?

[canes1711]

I tried that, but it still isn't working. When I try to download the Malware Bytes, it will download off of a site, but it won't "run" after the .exe is downloaded. When I try the SUPERanti-spyware, it will download the .exe, but it has an error when I try to run it. I appreciate the help.

[canes1711]

Also, the TDSS.aru doesn't show up in the processes when I hit ctrl-alt-del.

[Match]

are you running any other antivirus/spyware programs at the same time? if so disable them first then try the disinfection procedure.

 

I appreciate the help.

 

Sorry this is not going as planned but bare with us and we will get there :)

[canes1711]

That's fine. I'll try it again while turning them off.

[Tootech]

but it won't "run" after the .exe is downloaded

 

If that doesn't work, try renaming the Malwarebytes download to something like m.exe, and run the renamed file.

[canes1711]

Ok, MalwareBytes is now downloaded, but when I try to run the actual program (in normal mode), it just won't start. It won't get to the scanning part.

[canes1711]

Okay, it is now running. I went to

 

How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys | My Anti Spyware

 

and apparently I had the TDSSserv trojan, which blocked the MalwareBytes. I followed the instructions, and now, Malware is running.

[canes1711]

Okay, I've been through the spyware scans, and I'm running them through a second quick scan to make sure they get everything. Then, I'll do the virus scan, but it seems to be working. I notice my internet is running much faster.

 

Also, this error comes up saying quickset.exe is not running properly or at all. Should I get some sort of Registry Fixer, and if so, which one?

[canes1711]

Okay, when I got to the Start > Run for the Cleanmgr, it asks for the drive, which I assume is C. And then it starts to calculate how much space can be saved, at which point I hit cancel. Is that what it's supposed to do?

[RandyL]

canes under no circumstance run any type of registry fixer or registry cleaner of any sort.

 

Run the rest of the scans as suggested.

 

quickset.exe is a process belonging to Dell computers which allows you to access power management diagnostics and settings.

 

It probably isn't needed to be run at startup and can be disabled via the icon in the system tray.

 

If you want it you should be able to download it from the Dell site and reinstall it.

 

I fail to see how Cleanmgr relates to this issue but yes that is what it is supposed to do. Finish with the issues at hand like the scans before moving on to unrelated issues like cleaning your temp files.

 

Wishing you luck.

[canes1711]

Fair enough. Thanks for all the help. Everything is running much, much smoother now.

 

Quick Question -- I have Ad-Aware, MalwareBytes, and Super Anti-Spyware. Should I get rid of any of them? Which should I keep?

[maynardvdm]

Hi

 

Keep Super Anti-Spyware and Malwarebytes and run them once a week.