Well, I "think" you are ok. But PLEASE read all instructions first. I want you to run TDSSKiller again.
1. Execute the file TDSSKiller.exe.
2. Wait for the scan and disinfection process to be over. It is necessary to reboot the PC after the disinfection is over.
3. The utility can detect two object types:
   - malicious (the malware has been identified);
   - suspicious (the malware cannot be identified).
4. When the scan is over, the utility outputs a list of detected objects with descriptions.
   The utility automatically selects an action (Cure or Delete) for malicious objects.
   The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
5. Select the action Quarantine to quarantine detected objects.
   The default quarantine folder is in the system disk root folder, e.g.:
   C:\TDSSKiller_Quarantine\23.07.2010_15.31.43

Whew! First thing I want you to do is Clean out those Scheduled Tasks. Most of them are for Google updates, totally not needed. One is also for Updating Apple Software, also not needed. Both of those you can easily do manually and with the Apple stuff when you use an Apple program or something like an iPod if it needs updating you will be told to do so. So get rid of all those. Also there is one other Scheduled Task in there that I can find absolutely no information about so it could be the infection scheduling an update, I can't say for sure. But if you haven't added something in there yourself I would advise cleaning this out entirely.

This TDSS rootkit is really nasty, as you have found, and it could have damaged all of those programs, so you want to be sure they are all new and clean. So what you need to do is uninstall them and then download the install files for Avast and MBA-M, but NOT Zone Alarm, to a flash drive and take that to the affected computer and install them using the flash drive.
Uninstall Avast, your Zone Alarm and also MBA-M. First use Add/Remove or, in the case of Zone Alarm, its built-in uninstaller, to uninstall the programs. But then, to make sure that all of them are completely removed, you should also run their specialized uninstall utilities, which you should put onto the flash drive and then put them onto the computer from there. Note: these must be run from the Desktop. NOT from a folder but the DESKTOP. If run from a folder they will also delete the folder that you have put them in. DESKTOP, please.

The first one is the Avast Uninstall utility and this must be used in Safe Mode.
Download http://files.avast.com/files/eng/aswclear5.exe to your desktop.

Here is the Malwarebytes' Removal Tool; download http://www.malwarebytes.org/mbam-clean.exe onto your Desktop.

Zone Alarm Uninstall utility: http://download.zonealarm.com/bin/free/support/cpes_clean.exe

Now here are the procedures you need to use for Uninstalls. Do them completely ONE at a Time.

Begin with Avast.

Uninstall first using Add/Remove. If it asks to reboot, allow it to do so.
Then shut down again and do the following:

Start Windows in Safe Mode
(The Avast Uninstall utility must be run in Safe Mode.)
Open (execute) the uninstall utility
If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
Click REMOVE
Restart your computer in Normal Mode.

Next Uninstall MBA-M via Add/Remove. You again will have to reboot the computer for the Uninstall to complete. This time Normal Mode should be used for reboot.
Once the computer is rebooted to normal mode then run the MBA-M uninstall utility from your desktop. It will ask to restart your computer (please allow it to).

I believe that Zone Alarm has an Uninstaller in its program folder. Look to see if it does and if it does, use it. If it doesn't, then use Add/Remove.
After you have done that, then use its Uninstaller utility.

Next install Avast and MBA-M.

Here are download links for both programs:

http://www.avast.com/free-antivirus-download

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?cdlPid=10997763

Now of course once they are installed they need to be updated. That is when you should first enable the built-in Windows Firewall, and then you can go back online with the computer, update them and do Full Scans with both of them. Of course, if they find something then have them remove/quarantine whatever is found.

I think you should also seriously consider using a different firewall. Zone Alarm is not what it used to be and it obviously did nothing for you in this instance. I am not saying it would have kept this thing off of there, I don't know for sure, but notice what gave you the alerts: your Avast program, not Zone Alarm.

There are several very good free ones that come highly recommended; Zone Alarm is not on that list:

Online Armor http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html
Here is a link for correct settings for Online Armor. This is a zip file with pictures;
http://www.mediafire.com/?ag0tgmsg05lat3x

Another good one is PC TOOLS FIREWALL http://www.pctools.com/firewall/
Upon installation, choose DO NOT INSTALL SPYWARE DR, choose NORMAL USER and choose HOME NETWORK (provided you are behind a router and have a private IP): http://www.pctools.com/forum/showthread.php?t=61506 You will get some small pop-up boxes coming from your task bar, bottom right corner. It is programs asking for permission to access the internet or install/uninstall. There will be enough information at the top of the box for you to make an informed decision of whether to allow it or block it. If you happen to block something that needs permission, open the program, click on Application Blocking and allow it; conversely, for something that should have been blocked, same place, just block it.

Another is Outpost Firewall http://free.agnitum.com/

Choose any of the above, all are highly recommended. Or use the built in Windows Firewall. Your choice.

Do all of the above, following ALL instructions exactly. Post back here with the MBA-M log from the first run after the reinstall and another HJT system scan log after doing all of the above.
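The reply above tells the user to clear out the Scheduled Tasks because one of them might be the rootkit re-installing itself. Below is an added example (not from the thread, and not a Kaspersky, Avast or Malwarebytes tool) that inventories every scheduled task with its command line and author, and marks the ones worth a second look before anything is deleted: tasks whose executable lives outside Program Files or the Windows folder, runs from a user or temp folder, is missing on disk, or carries no author. The allow-list of "expected" folders and the review heuristics are assumptions for this example. It only relies on schtasks.exe, which ships with Windows XP and later, and should be run from an elevated PowerShell prompt.

```powershell
# Added example: audit Scheduled Tasks before cleaning them out.
# Assumption: schtasks.exe is available and the prompt is elevated.

function Get-ScheduledTaskAudit {
    # Folders where legitimately installed software normally lives (assumption for this example).
    $expectedRoots = @($env:SystemRoot, $env:ProgramFiles)
    if (${env:ProgramFiles(x86)}) { $expectedRoots += ${env:ProgramFiles(x86)} }

    # Folders a dropper is more likely to use for a persistence task.
    $riskyRoots = @($env:TEMP, $env:USERPROFILE) | Where-Object { $_ }

    # Verbose CSV output gives one row per task with its full command line.
    $rows = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv

    foreach ($row in $rows) {
        # schtasks repeats the CSV header once per task folder; skip those rows.
        if ($row.TaskName -eq 'TaskName') { continue }

        $command = [string]$row.'Task To Run'

        # Pull just the executable path out of the command line (quoted or first token).
        $exe = if ($command -match '^"([^"]+)"') { $Matches[1] }
               elseif ($command -match '^(\S+)') { $Matches[1] }
               else { '' }
        # Task commands often use %SystemRoot%-style variables; expand them before testing.
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $reasons = @()
        if (-not $exe) {
            $reasons += 'no command'
        } else {
            $inRisky    = $riskyRoots    | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
            $inExpected = $expectedRoots | Where-Object { $_ -and $exe.StartsWith($_, 'OrdinalIgnoreCase') }
            if ($inRisky)            { $reasons += 'runs from user/temp folder' }
            elseif (-not $inExpected) { $reasons += 'unexpected location' }
            if (-not (Test-Path -LiteralPath $exe)) { $reasons += 'executable missing' }
        }
        if (-not $row.Author -or $row.Author -eq 'N/A') { $reasons += 'no author' }

        [pscustomobject]@{
            TaskName = $row.TaskName
            Author   = $row.Author
            Command  = $command
            Status   = $row.Status
            Review   = ($reasons -join '; ')
        }
    }
}

# Tasks that need a closer look sort to the top; everything else (Google/Apple updaters
# under Program Files, for instance) shows an empty Review column.
Get-ScheduledTaskAudit | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

The updater tasks the reply mentions will show up with an empty Review column because they run from Program Files; the unidentified task the helper could find no information about is the kind that lands in the flagged group, and its Command column gives the file to look up before deleting the task.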
