Thread: "Antivirus XP" turns to system shutdown, unable to dl, blocking websites?
View Single Post
Join Date: Feb 2004
Posts: 9,926
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 709
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: "Antivirus XP" turns to system shutdown, unable to dl, blocking websites?

 
0
  #9
Aug 30th, 2008
Originally Posted by agent rotary View Post
Notably, I don't appear to have a rdssrv.exe or hdfkt.dll. I double-checked my logs, the files you listed, and my folder multiple times to ensure I wasn't making any errors. Would that possibly be the error?
I don't think they would be causing this problem if they were not there.

==

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)

    O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\rdssrv.exe
C:\WINDOWS\system32\rdshost.dll
C:\WINDOWS\system32\hdfkt.dll
Folder::
C:\Program Files\Viewpoint
Driver::
C:\WINDOWS\system32\drivers\z2yhfmbkp2z.sys
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\z2yhfmbkp2z.sys]
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif


7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote