TDSSserv.sys hidden files


John

I regularly update & scan with Avira AntiVir, MBAM, and Spybot. My computer
seems to be fine but Avira is finding these 5 "hidden files":

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
[INFO] The registry entry is invisible.
'91290' objects were checked, '5' hidden objects were found.

I went into Device Manager and can see TDSSserv.sys as a non-plug-n-play
driver with an exclamation point in a yellow circle next to it. I can
certainly disable it from there but figured I'd run MBAM and Spybot first to
see if they remove it. It bugs me that Avira detects it but doesn't do
anything about it. That doesn't seem to be very helpful.

Anyway, just looking for advice about what to do. Should I disable it in
Device Manager? It does seem to be a known Trojan.

Thanks
 
Yes it is a known trojan, TDSSserv is a trojan RootKit.

Scan with Gmer.
http://www.gmer.net/


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"David H. Lipman" wrote in message
news:ud2tCImCKHA.4168@TK2MSFTNGP05.phx.gbl...
> Yes it is a known trojan, TDSSserv is a trojan RootKit.
>
> Scan with Gmer.
> http://www.gmer.net/
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>


Thanks David. I will try that when MBAM finishes.
 
"John" wrote in message
news:uenbTMmCKHA.4792@TK2MSFTNGP05.phx.gbl...
> Thanks David. I will try that when MBAM finishes.

Actually I have also found a way to do a rootkit search w/ Avira so I'm
doing that while MBAM runs. Avira AntiVir seems to be a good program but the
user interface is not very intuitive. You really have to poke around and
figure it out. I guess they had no UAT budget.
 
GMER found it but then again I already knew it was there. I used GMER to
disable it, but I probably could have done that from Device Manager. In any
case, hopefully it has been eradicated. I've rebooted and will do more scans
to be assured. Thanks David!
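
One way to check the follow-up scans mentioned above, as an added example that is not part of the original thread: it parses the hidden-object output format quoted in the first post, groups the hidden registry entries by service key, and reports which services a later scan still lists. The function names and the second log are assumptions constructed for illustration.

```python
import re

# Key lines in the scan output format quoted in the first post.
KEY_LINE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\System\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\(?P<service>[^\\]+)\\(?P<entry>[^\\]+)$",
    re.IGNORECASE,
)
HIDDEN = "[INFO] The registry entry is invisible."
# Standard service values that control how a driver is loaded.
LOAD_VALUES = {"start", "type", "imagepath"}

def hidden_services(log_text):
    """Return {service: set of hidden entry names} from one scan log."""
    found, pending = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = KEY_LINE.match(line)
        if match is None and line == HIDDEN and pending is not None:
            found.setdefault(pending["service"], set()).add(pending["entry"].lower())
        pending = match  # a key counts only if the next line marks it hidden
    return found

def load_config_hidden(services):
    """Services whose Start, Type and ImagePath entries are all hidden."""
    return sorted(s for s, e in services.items() if LOAD_VALUES <= e)

def still_hidden(before_log, after_log):
    """Services hidden in the first scan that a later scan still reports."""
    after = {s.lower() for s in hidden_services(after_log)}
    return sorted(s for s in hidden_services(before_log) if s.lower() in after)

# Scan output as posted in the thread.
BEFORE = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
[INFO] The registry entry is invisible.
'91290' objects were checked, '5' hidden objects were found."""
# Constructed sample of a clean follow-up scan, for illustration only.
AFTER = "Starting search for hidden objects.\n'91290' objects were checked, '0' hidden objects were found."
if __name__ == "__main__":
    print(load_config_hidden(hidden_services(BEFORE)), still_hidden(BEFORE, AFTER))
```

A service that `still_hidden` returns after cleanup and a reboot means the hiding is still active and the removal did not take.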
 