July 27, 2013 17:28 WOW64.dll Error #231878
NecronLord666
Novice
Join Date: 27.7.2013
Posts: 5
Hey everyone,
When I right-click on anything on my desktop I am getting an error. The threat says Trojan horse TDSS.CA.

The object name is: c:\users\tyler\appdata\local\temp\sexoswv\sxpdext\wow64.dll

I can't find any solution online anywhere for this. Any help would be greatly appreciated.
July 27, 2013 17:53 Re: WOW64.dll Error #231880
shadowsports
Novice
Join Date: 19.7.2009
Posts: 97
Did you try Google?..

http://usa.kaspersky.com/downloads/tdsskiller

Hope it helps.


Sys1: P8Z68 Deluxe/Gen3 (BIOS 3603), i7-2600k@3.5, 16GB Corsair Vengeance @1600+,
Corsair TX850w PSU, EVGA GTX660 FTW Sig2, 2x Corsair Force III 120's RAID0 (boot),
1 x Seagate 1T 6GB (data), Win7x64 Ult. Case: HAF 922 / Win8 Pro x64

Sys2: P8Z77V-LE Plus, i5-3570k, 16GB RAM, GTX560Ti DS SC, Intel 520SSD...

NAS
QNAP TS-219P-II 4TB
DNS-323 4TB

Router
2x WNDR4500 v1 f/w 1.0.20
July 28, 2013 03:16 Re: WOW64.dll Error #231885
NecronLord666
Novice
Join Date: 27.7.2013
Posts: 5
Kaspersky TDSSKiller..

Yes, I have. I have actually seen posts saying this is a "false positive"; however, even if true, it's still extremely annoying having this popup after every right click. I just ran the Kaspersky TDSSKiller and it came back with no errors. Any other help would be greatly appreciated! Thank you.
July 28, 2013 12:32 Re: WOW64.dll Error #231894
BIG AL 43
Moderator
Join Date: 18.6.2009
Posts: 23803
NecronLord666 wrote
i have actually seen posts saying this is a "false positive"

Have a look @ this Announcement post link "How To Handle Suspicious False Positive Detection?" & please follow all the instructions. False positives have also been covered recently in Weekly Overviews. For example, have a look @ "Weekly Overview: 20/2013" (scroll down to "False positive alarms"). Subscribe to this RSS feed if you want to be notified about new Weekly Overviews.


AVG Forums Volunteer Moderator
AVG Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
July 28, 2013 14:52 Re: WOW64.dll Error #231900
shadowsports
Novice
Join Date: 19.7.2009
Posts: 97
Need Clarification..

NecronLord666 wrote
Hey everyone,
When I right-click on anything on my desktop I am getting an error. The threat says Trojan horse TDSS.CA.

The object name is: c:\users\tyler\appdata\local\temp\sexoswv\sxpdext\wow64.dll

I can't find any solution online anywhere for this. Any help would be greatly appreciated.

-Greetings,
The right click behavior you describe... Only occurs when you right-click files located on your desktop, or any file in any location?

-What error displays? AVG alert? Be specific.. post screen shot, etc.

-WoW64 is a program that acts as a compatibility layer between 64- and 32-bit Windows. Specifically, it's used by your processor in the execution of code. Example: x64 processor running x86 code. The file normally resides in C:\Windows\System32. It should not be hanging out in your temporary internet files. Delete it.

1. Start button, click Control Panel, click Network and Internet, and then click Internet Options.
2. Click the General tab, and then click Delete under Browsing history.
3. Click Delete all, click Yes to confirm that you want to delete this information, and then click OK.

Restart your machine. Test for proper right-click behavior. Post the information I requested. We'll move forward from there...


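The location check described in the post above (a Windows system DLL name turning up outside C:\Windows\System32), as an added example that is not part of the original thread. The list of system DLL names, the trusted directories and the temp markers are assumptions for illustration, and every sample path except the one reported in the thread is constructed.

```python
import ntpath

# Assumption: a small illustrative set of DLL names that belong to Windows itself.
SYSTEM_DLL_NAMES = {"wow64.dll", "wow64win.dll", "wow64cpu.dll",
                    "kernel32.dll", "ntdll.dll"}
# Assumption: sub-directories of the Windows root where such files may legitimately live.
TRUSTED_SUBDIRS = ("system32", "syswow64", "winsxs")
# Assumption: path fragments that mark temp or browser-cache locations.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
                "\\windows\\temp\\")


def classify(path, windows_root="C:\\Windows"):
    """Return 'not-system-name', 'expected-location', 'misplaced' or 'misplaced-in-temp'."""
    # Normalise first: lower-case, backslashes only, '..' segments collapsed,
    # so "C:/Windows/System32/../Temp/x.dll" cannot pass as a System32 path.
    norm = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(windows_root))
    if ntpath.basename(norm) not in SYSTEM_DLL_NAMES:
        return "not-system-name"
    for sub in TRUSTED_SUBDIRS:
        if norm.startswith(ntpath.join(root, sub) + "\\"):
            return "expected-location"
    if any(marker in norm for marker in TEMP_MARKERS):
        return "misplaced-in-temp"
    return "misplaced"


def triage(paths):
    """Return (path, verdict) pairs for files that carry a system DLL name in the wrong place."""
    flagged = []
    for p in paths:
        verdict = classify(p)
        if verdict.startswith("misplaced"):
            flagged.append((p, verdict))
    return flagged


# The first path is the one reported in the thread; the rest are constructed samples.
SAMPLE_PATHS = [
    r"c:\users\tyler\appdata\local\temp\sexoswv\sxpdext\wow64.dll",
    r"C:\Windows\System32\wow64.dll",
    r"C:/Windows/System32/../Temp/wow64.dll",
    r"C:\Users\tyler\Desktop\kernel32.dll",
    r"C:\Users\tyler\AppData\Local\Temp\setup.dll",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS):
        print(f"{verdict:18} {path}")
```

Name and location are only a first filter: a file in the expected directory still needs its signature or hash verified before it is trusted.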
July 28, 2013 15:30 Re: WOW64:dll Error #231903
NecronLord666
Novice
Join Date: 27.7.2013
Posts: 5
After deleting my internet files I have restarted and it is still continuing. This behavior only happens on the desktop files.

I forgot to mention that the folder after the temp folder that it is stating the dll is in does not even exist. (sexoswv) I have uploaded a picture of the threat.

Thank you.
Error.jpg
July 28, 2013 16:23 Re: WOW64:dll Error #231906
shadowsports
Novice
Join Date: 19.7.2009
Posts: 97
Only happens on desktop folders/files ok. And when you right-click on one, you don't see a context menu... AVG just immediately pops up an alert?

Question, if you perform a Google Search.... are you redirected to funny sites, strange results, etc?

The folder the file was/is in does not likely display because it was probably marked "hidden" to hide itself. Although deleted, it probably has a way to replicate itself by running in memory or hiding itself as another process.

If you don't see a context menu (right-click), changes to your registry could have occurred.

If the file wasn't located in the Temp Internet Files dir, I'd tell you not to worry about it... but the fact that it is/was and you are experiencing the strange behavior on your desktop warrants further investigation.

Please restart in SAFE mode and re-run the Kaspersky tool.

I would also suggest running GMER.... www.gmer.net

Look for anything it marks as ***suspicious or TDL4@MBR code... examples

http://www2.gmer.net/rootkits.php

Report those results

After gmer runs... look at section 5 on this page:

http://support.kaspersky.com/2663?el=88446#

And see if any of the examples resemble behavior on your system.

If anything suspicious is reported/found, I would download AVG Rescue CD, MS Defender Offline scanner, MalwareBytes Chameleon Tool and scan with these tools as well. A unified systematic attack on a threat or suspected threat is normally the best way to terminate the process and ensure a clean system. Follow up with a sfc /scannow to ensure Windows file integrity. Since variants of this trojan family can also make changes to the disk, (precautionary step) I would run a chkdsk /r from a command prompt.

While some of this might be overkill, it removes any doubt of infection.


July 29, 2013 03:38 Re: WOW64:dll Error #231921
NecronLord666
Novice
Join Date: 27.7.2013
Posts: 5
Thanks for putting in the time for me, shadowsports. I am not redirected to weird sites on Google at all. I haven't noticed any symptoms of this threat at all besides the right click. Also, I CAN access the context menu after putting the threat window to the back.
These next two days I will be extremely busy with work and will have to run these programs at a later time. I hope by Wednesday night I will have this next step done and some feedback to give you. I hope this is not an issue. Thanks!!
July 30, 2013 22:33 Re: WOW64.dll Error #232014
shadowsports
Novice
Join Date: 19.7.2009
Posts: 97
NP..

Not an issue for me.


February 11, 2014 06:52 Disapproved post #240043
jackadision


Novice
Join Date: 21.10.2013
Posts: 1
The post has been evaluated as inappropriate and therefore it was disapproved.