Infected With Seneka.sys Trojan
File: seneka.sys.vir Location of seneka.sys.vir and Associated Malware Check whether seneka.sys.vir is present in the following locations: seneka.sys.vir file locations that are Windows version independent: C:\Windows\System32\Drivers\seneka.sys.vir If you find seneka.sys.vir file So, after a restart, it can't find any sign of Backdoor.Tidserv!inf or any new trojans. Download SDFix and save to your Desktop.2. It's saved me a couple of times.
sandun New Member Topic Starter Members 19 posts ID: 5 Posted January 6, 2009 OK, here is what I I get this file each time: --## An unexpected error has been detected by Java Runtime Environment:## EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d06fe12, pid=2028, tid=1936## Java VM: Java HotSpot(TM) Client VM (11.0-b15 mixed mode, You have to disable the drivers, Reboot, then Remove. Quads mmetzger Visitor2 Reg: 02-Jan-2009 Posts: 4 Solutions: 0 Kudos: 1 Kudos0 Re: Seneka Rootkit with TDSServ Posted: 03-Jan-2009 | 4:28PM • Permalink 1. you could try here
If I have the other logs, will post those too. Quads Floating_Red Rootkit Eradicator19 Reg: 30-May-2008 Posts: 5,237 Solutions: 32 Kudos: 597 Kudos0 Re: Seneka Rootkit with TDSServ Posted: 07-Feb-2009 | 2:39AM • Permalink Before Running any Anti-Virus Scan, e.g. The file will not be moved unless listed separately.) U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers
Try downloading SuperAntispyware Free, installing, update the definitions, then do a full scan in Safe Mode also. Did not see the senek*.* with a `dir /o-d` which was weird (Not a novice but just dangerous enough to know I will screw up something serious). :) That link to MalwareBytes You may wish to print this out since you need to close this browser. STEP1 Make a new folder on your system C:\TEMPHOLD Download IceSword English Version 1.22 Extract / copy the files to C:\is_en That
Then start it, a little window will open. First you have to select the language you want, so for English Type "e" then press Enter. Hope you are doing OK. Please do this.
===================================================
Testing a New User Profile
--------------
Press the windows key + r on your keyboard at the same time
Type cmd then press the Shift, Ctrl, + Enter Were you able to use Kaspersky's online scanner?? Quads Ogre01 Newbie1 Reg: 05-Jan-2009 Posts: 2 Solutions: 0 Kudos: 0 Kudos0 Re: Seneka Rootkit with TDSServ Posted: 05-Jan-2009 | 11:09AM • Permalink Quads, A great many thanks for your discovery
Running the scan twice in safe-mode (with a reboot between scans) did the trick - malwarebytes found the files and the senekaXXXX.temp file. Thanks a ton for your help - symantec So when you and I are back online I have a scanning program that does not need to be installed, like Hijackthis. It's saved me a couple of times. Quads Message Edited by Quads on 01-06-2009 04:22 PM Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos1 Stats Re: Seneka Rootkit with TDSServ Posted: 05-Jan-2009 | 8:17PM
Quads Message Edited by Quads on 02-02-2009 05:18 PM StrangeCandii Contributor4 Reg: 01-Feb-2009 Posts: 16 Solutions: 0 Kudos: 0 Kudos0 Re: prunnet.exe [ Seneka / TDSS, rootkit ] Posted: 01-Feb-2009 | https://community.norton.com/en/forums/seneka-rootkit-tdsserv Please run the following.
Malwarebytes' Anti-Malware
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform quick scan, then click Scan.
When the scan You make a good point re: rootkit may have been silently resident until I used MBAM. I will wait for your advice on detection and possible removal of the rootkit/trojan.
Download SDFix and save to your Desktop.2. Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: prunnet.exe [ Seneka / TDSS, rootkit ] Posted: 01-Feb-2009 | 9:28PM • Permalink Hi I updated my last Do you in the list also have an entry named "windosws servers"?? Quads Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: prunnet.exe [ Seneka / TDSS, You have to disable the drivers, Reboot, then Remove.
Additional Information
This Trojan may be dropped by document files containing exploits. (Trojan.Mdropper) When the Trojan is executed, it creates the following files:
%Temp%\ie.log
%Temp%\netmgr.dll
%Temp%\netmgr.exe
%Temp%\perf2012.ini
%Temp%\sysinfo2012.dll
%Temp%\sysinfo2012.dll
%Temp%\winlogin.exe
%UserProfile%\Start Menu\Programs\Startup\netmgr.lnk
seeing as the LSP is BAD it could be causing side effects from in windows, Malware can cause the "floating point error" Are you saying you can't download from Quads StrangeCandii When you delete/remove the infection the system restore can place them back as what it sees as a system file is missing, and you can end up back at square one.
Paste that into notepad or into your next reply post please. Click OK and quit the GMER program.
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) Then Click "Fix Checked" Is the "senekaxxxx.tmp" now gone?? On the Edit menu, select Find. Thanks, Lynne For whatever it's worth here are the FRST and Additions: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by Lynne (administrator) on LYNNE-PC (24-01-2017 Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos1 Stats Re: Seneka Rootkit with TDSServ Posted: 05-Jan-2009 | 8:57PM • Permalink Do you have that log from MBAM
Oh and Hijackthis is not a toy at all to play with ticking willy nilly, that is why people get me or another user to look at logs to see what If a “Security Warning window opens”, click on the Run button.3. Download SuperAntispyware Free http://www.superantispyware.com/download.html Install, update the definitions and run a "Full Scan" See how that goes Quads StrangeCandii Contributor4 Reg: 01-Feb-2009 Posts: 16 Solutions: 0 Kudos: 0 Kudos0 Re: prunnet.exe [ Seneka Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer.
Norton, Malwarebytes' Anti-Malware, e.t.c., you should in this order: 01. Please be sure to copy and paste any requested log information unless you are asked to attach it. The drivers are in use 1.
Notes: If this error message is displayed when running SDFix: The command prompt has been disabled by your administrator.