I'm looking for help in removing my Trojan horse TDSS.CA.
Computer: Windows 7 / HP Pavilion dv7-6135dx Entertainment PC
Virus Detection: AVG version 2013 build 3349 (free version); Avast! (free version)
Malware: Malwarebytes (free); SUPERAntiSpyWare (free)
Exact error message: see attached screenshots
In response to finding the White Trader icon on my desktop, I downloaded the above virus and malware software and spent the last 24 hours scanning my laptop with Avast! & the malware. When I found that White Trader was still on the desktop, I googled some more and found AVG. I downloaded it -- and it found the trojan. However, it could not remove the threat. I did a Safe Start and re-ran AVG. Nothing was found.
However – when I reboot my computer or when I left-click on the White Trader icon, the AVG detection box pops up, noting the presence of the Trojan Horse TDSS.CA. I click the “protect me” option, but then AVG says, “Removing of threat has failed.”
Please help. I'm not certain what my next step should be. Thank you, in advance, for whatever help/advice/thoughts you can provide!
Note: I am a relative newbie, though I can follow directions.
The Trojan is resident in memory and has set up several ways to replicate itself should you find a way to delete it without terminating the viral process.
What is a "White Trader icon"?
I also found these additional steps which may help.
Press the "Ctrl," "Shift" and "Esc" keys at the same time to open Task Manager.
Click the "Processes" tab in the Task Manager window.
Select "wow64main.exe" from the list of processes and click "End Process" at the bottom of the window. Select "svchost.exe" from the list of processes and click "End Process" at the bottom of the window.
Close Task Manager.
Remove Registry Entry
Go to the "Start" menu, type "regedit" in the "Start Search" menu and press "Enter" to start the registry editor.
Delete the following registry entry:
Close the registry editor.
Go to the "Start" menu, type "cmd" in the "Start Search" box and press "Enter" to open the command line window.
Type "regsvr32 /u lasmcnyjaa.dll" in the command line window and press "Enter" to unregister the DLL.
Repeat Step 2 for "osajuhzzwtyo.dll," "mdqhqxcejju.dll," "TDSSnrse.dll," "TDSSfpmp.dll," "TDSSoeqh.dll," "TDSSliqp.dll," "TDSSciou.dll," "TDSScfgb.dll," "TDSSnrsr.dll," "TDSSriqp.dll" and "TDSScfub.dll."
Close the command line window.
Find and Delete Files
Go to the "Start" menu, type "wow64main.exe" in the "Start Search" box and press "Enter." Delete all found files.
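An added example, not part of the original post or of any vendor tool: a read-only PowerShell inventory of the process and file names listed in the steps above, so there is a record of what was actually present before anything is ended, unregistered or deleted. The search folders are an assumption (the post names none), and because a rootkit can hide its files from the running system, an empty result does not show the machine is clean.

```powershell
# Added example: read-only inventory of the names listed in the post above.
# Nothing is stopped, unregistered or deleted.
# Written for PowerShell 2.0 (stock Windows 7); run from an elevated prompt.

# File names taken from the post.
$names = @(
    'wow64main.exe', 'lasmcnyjaa.dll', 'osajuhzzwtyo.dll', 'mdqhqxcejju.dll',
    'TDSSnrse.dll', 'TDSSfpmp.dll', 'TDSSoeqh.dll', 'TDSSliqp.dll',
    'TDSSciou.dll', 'TDSScfgb.dll', 'TDSSnrsr.dll', 'TDSSriqp.dll', 'TDSScfub.dll'
)

# Assumption: the post gives no folders, so these search roots are a guess.
$roots = @("$env:windir\System32", "$env:windir\SysWOW64") |
    Where-Object { Test-Path $_ }

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4.0, so hash with .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

# 1. Running processes: show the image path instead of ending anything.
# svchost.exe is also a standard Windows host process that normally runs from
# the System32 folder, so the path is what distinguishes a copy elsewhere.
Get-WmiObject Win32_Process |
    Where-Object { $names -contains $_.Name -or $_.Name -eq 'svchost.exe' } |
    Select-Object Name, ProcessId, ExecutablePath |
    Format-Table -AutoSize | Out-String -Width 200

# 2. Files on disk: path, size, timestamp, signature status and hash per match.
$found = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Force -Include $names -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}
$report = foreach ($file in $found) {
    New-Object PSObject -Property @{
        Path      = $file.FullName
        Length    = $file.Length
        Modified  = $file.LastWriteTime
        Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
        SHA256    = Get-Sha256Hex $file.FullName
    }
}
if ($report) { $report | Format-List Path, Length, Modified, Signature, SHA256 | Out-String -Width 200 }
else { Write-Output 'No listed file name found under the searched folders.' }
```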
I understand your reluctance. If you are uncertain how to proceed, you should seek help from someone more experienced in removing threats. Unexpected results including data loss can result if you change or delete something you shouldn't.
Every virus and trojan is different. The tools and solutions effective today may not work when a new variant is released. Some variants are introduced to defeat existing solutions. Others can actually spawn into new threats depending on how they are created. No one tool is 100% effective. This is why new definitions have to be created and updated regularly.
One of the guys in the office recommended this tool.
If successful, scan with a few different tools to ensure you are virus free. Then pick one to stick with. On a regular basis don't use more than one AV solution. The free version of Malwarebytes is neutral. I usually install it on any system I clean... in conjunction with the AV product the client has chosen. Except McAfee... That I uninstall as soon as I have control of a system again. I just replace it with AVG unless they are using SEP, Avast... etc. AVG is one of the better products available.