
TDSSserv.sys hidden files

Discussion in 'Windows Security' started by John, Jul 21, 2009.

  1. John

    John Guest

    I regularly update & scan with Avira AntiVir, MBAM, and Spybot. My computer
    seems to be fine but Avira is finding these 5 "hidden files":

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    [INFO] The registry entry is invisible.
    '91290' objects were checked, '5' hidden objects were found.

    I went into Device Manager and can see TDSSserv.sys as a non-plug-n-play
    driver with an exclamation point in a yellow circle next to it. I can
    certainly disable it from there but figured I'd run MBAM and Spybot first to
    see if they remove it. It bugs me that Avira detects it but doesn't do
    anything about it. That doesn't seem to be very helpful.

    Anyway, just looking for advice about what to do. Should I disable it in
    Device Manager? It does seem to be a known Trojan.

    Thanks
     
  2. From: "John" <noreply@noreply.com>

    | I regularly update & scan with Avira AntiVir, MBAM, and Spybot. My computer
    | seems to be fine but Avira is finding these 5 "hidden files":

    | Starting search for hidden objects.
    | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    | [INFO] The registry entry is invisible.
    | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    | [INFO] The registry entry is invisible.
    | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    | [INFO] The registry entry is invisible.
    | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    | [INFO] The registry entry is invisible.
    | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    | [INFO] The registry entry is invisible.
    | '91290' objects were checked, '5' hidden objects were found.

    | I went into Device Manager and can see TDSSserv.sys as a non-plug-n-play
    | driver with an exclamation point in a yellow circle next to it. I can
    | certainly disable it from there but figured I'd run MBAM and Spybot first to
    | see if they remove it. It bugs me that Avira detects it but doesn't do
    | anything about it. That doesn't seem to be very helpful.

    | Anyway, just looking for advice about what to do. Should I disable it in
    | Device Manager? It does seem to be a known Trojan.

    | Thanks



    Yes it is a known trojan, TDSserv is a trojan RootKit.

    Scan with Gmer.



    --
    Dave

    Multi-AV -
     
  3. John

    John Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:ud2tCImCKHA.4168@TK2MSFTNGP05.phx.gbl...
    > From: "John" <noreply@noreply.com>
    >
    > | I regularly update & scan with Avira AntiVir, MBAM, and Spybot. My computer
    > | seems to be fine but Avira is finding these 5 "hidden files":
    >
    > | Starting search for hidden objects.
    > | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    > | [INFO] The registry entry is invisible.
    > | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    > | [INFO] The registry entry is invisible.
    > | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    > | [INFO] The registry entry is invisible.
    > | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    > | [INFO] The registry entry is invisible.
    > | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    > | [INFO] The registry entry is invisible.
    > | '91290' objects were checked, '5' hidden objects were found.
    >
    > | I went into Device Manager and can see TDSSserv.sys as a non-plug-n-play
    > | driver with an exclamation point in a yellow circle next to it. I can
    > | certainly disable it from there but figured I'd run MBAM and Spybot first to
    > | see if they remove it. It bugs me that Avira detects it but doesn't do
    > | anything about it. That doesn't seem to be very helpful.
    >
    > | Anyway, just looking for advice about what to do. Should I disable it in
    > | Device Manager? It does seem to be a known Trojan.
    >
    > | Thanks
    >
    >
    >
    > Yes it is a known trojan, TDSserv is a trojan RootKit.
    >
    > Scan with Gmer.
    >
    >
    >
    > --
    > Dave
    >

    > Multi-AV -

    >
    >

    Thanks David. I will try that when MBAM finishes.
     
  4. John

    John Guest

    "John" <noreply@noreply.com> wrote in message
    news:uenbTMmCKHA.4792@TK2MSFTNGP05.phx.gbl...
    >
    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > news:ud2tCImCKHA.4168@TK2MSFTNGP05.phx.gbl...
    >> From: "John" <noreply@noreply.com>
    >>
    >> | I regularly update & scan with Avira AntiVir, MBAM, and Spybot. My computer
    >> | seems to be fine but Avira is finding these 5 "hidden files":
    >>
    >> | Starting search for hidden objects.
    >> | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    >> | [INFO] The registry entry is invisible.
    >> | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    >> | [INFO] The registry entry is invisible.
    >> | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    >> | [INFO] The registry entry is invisible.
    >> | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    >> | [INFO] The registry entry is invisible.
    >> | HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    >> | [INFO] The registry entry is invisible.
    >> | '91290' objects were checked, '5' hidden objects were found.
    >>
    >> | I went into Device Manager and can see TDSSserv.sys as a non-plug-n-play
    >> | driver with an exclamation point in a yellow circle next to it. I can
    >> | certainly disable it from there but figured I'd run MBAM and Spybot first to
    >> | see if they remove it. It bugs me that Avira detects it but doesn't do
    >> | anything about it. That doesn't seem to be very helpful.
    >>
    >> | Anyway, just looking for advice about what to do. Should I disable it in
    >> | Device Manager? It does seem to be a known Trojan.
    >>
    >> | Thanks
    >>
    >>
    >>
    >> Yes it is a known trojan, TDSserv is a trojan RootKit.
    >>
    >> Scan with Gmer.
    >>
    >>
    >>
    >> --
    >> Dave
    >>

    >> Multi-AV -

    >>
    >>
    >
    > Thanks David. I will try that when MBAM finishes.

    Actually I have also found a way to do a rootkit search w/ Avira so I'm
    doing that while MBAM runs. Avira AntiVir seems to be a good program but the
    user interface is not very intuitive. You really have to poke around and
    figure it out. I guess they had no UAT budget.
     
  5. John

    John Guest

    GMER found it but then again I already knew it was there. I used GMER to
    disable it, but I probably could have done that from Device Manager. In any
    case, hopefully it has been eradicated. I've rebooted and will do more scans
    to be assured. Thanks David!
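
The Avira output in the first post can be triaged mechanically; the following is an added example, not part of the thread or of any tool named in it. It groups the "invisible" registry entries by service key and flags a service when the hidden entries are its own configuration values (`start`, `type`, `imagepath`, `group`), which is what separates a concealed driver service from a stray hidden value; the function names and the choice of those four value names are this example's assumptions.

```python
import re
from collections import defaultdict

# Avira output as posted at the top of the thread.
SCAN_LOG = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
[INFO] The registry entry is invisible.
'91290' objects were checked, '5' hidden objects were found.
"""
# Values Windows uses to configure a service or driver under Services\<name>.
SERVICE_CONFIG_VALUES = {"start", "type", "imagepath", "group"}
PATH_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}"
                     r"\\Services\\([^\\]+)\\([^\\]+)$", re.IGNORECASE)
SUMMARY_RE = re.compile(r"'(\d+)' hidden objects were found")

def hidden_service_values(log):
    """Return ({service: [hidden value names]}, hidden count the scanner reported)."""
    hidden, reported, pending = defaultdict(list), None, None
    for line in (raw.strip() for raw in log.splitlines()):
        match = PATH_RE.match(line)
        if match:
            pending = match.groups()          # path seen; wait for its verdict line
        elif pending and line == "[INFO] The registry entry is invisible.":
            hidden[pending[0]].append(pending[1].lower())
            pending = None
        else:
            pending = None
            summary = SUMMARY_RE.search(line)
            if summary:
                reported = int(summary.group(1))
    return dict(hidden), reported

def triage(log):
    """List services whose own configuration values are reported as hidden."""
    hidden, reported = hidden_service_values(log)
    findings = [(svc, sorted(vals)) for svc, vals in hidden.items()
                if SERVICE_CONFIG_VALUES & set(vals)]
    # True when every hidden object in the scanner's summary was parsed above.
    complete = sum(len(v) for v in hidden.values()) == reported
    return findings, complete
```

`triage(SCAN_LOG)` returns the flagged services together with a flag saying whether the parsed entries account for the scanner's own total.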
     
