  • "Plop69" started this thread

Date of registration:
Oct 6th 2013

Version:
Avira Free Antivirus

Operating System:
Windows 7 SP1


1

Sunday, October 6th 2013, 5:42pm

BOO/TDss.O Virus Master boot sector

Hello everyone.

I'm asking for your help with a virus that seems to be very stubborn.

Here are the reports I get when the PC boots into Windows 7:
A virus or unwanted program 'BOO/TSss.O' was found in 'Master boot sector' of drive C:
then:
A virus or unwanted program 'BOO/TSss.O' was found in 'Master boot sector' of drive D:
then again:
A virus or unwanted program 'BOO/TSss.O' was found in 'Master boot sector' of drive Master boot sector HD0

So here is the report I get: Avira Free Antivirus

Quoted

Report file date: vendredi 4 octobre 2013 16:47


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Système
Computer name : XAVIER-PC

Version information:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: vendredi 4 octobre 2013 16:47

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
[DETECTION] Contains code of the BOO/TDss.O boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help.

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '107' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '140' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'spoolsv.exe' - '82' Module(s) have been scanned
Scan process 'sched.exe' - '58' Module(s) have been scanned
Scan process 'taskhost.exe' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'Dwm.exe' - '34' Module(s) have been scanned
Scan process 'Explorer.EXE' - '152' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'XBoxStat.exe' - '32' Module(s) have been scanned
Scan process 'sidebar.exe' - '107' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '97' Module(s) have been scanned
Scan process 'MOM.exe' - '70' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '62' Module(s) have been scanned
Scan process 'CCC.exe' - '182' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'avscan.exe' - '118' Module(s) have been scanned
Scan process 'avscan.exe' - '120' Module(s) have been scanned
Scan process 'avscan.exe' - '113' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '96' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '33' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'Reader_sl.exe' - '36' Module(s) have been scanned
Scan process 'ipmGui.exe' - '32' Module(s) have been scanned
Scan process 'avnotify.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'DllHost.exe' - '45' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned

Starting to scan executable files (registry):

The registry was scanned ( '2151' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: vendredi 4 octobre 2013 16:49
Used time: 02:00 Minute(s)

The scan has been canceled!

82 Scanned directories
6029 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
6029 Files not concerned
59 Archives were scanned
1 Warnings
0 Notes

While looking into this incident, I dug around quite a bit on the net, and on this forum in particular. So far I have tried:
A scan in safe mode => did not work.
A scan with the antivir Rescue System CD => did not work.
Booting from Antivir Boot Wizard => did not work.

I read somewhere that someone had solved a similar problem with TDSSkiller. On my side, I am not offered any "Cure" option.

I also tried TDSS Fix Tool 2.1.3 => did not work.

In the end, I'm stuck now... and am asking for your help :(

I did find this link:
http://blog.yoocare.com/how-to-manually-…l-removal-help/
But that seems a bit too simple, doesn't it? Just deleting the contents of a registry key?

If you have any ideas, I'll gladly take them! ;(

Thanks in advance. ;)

Plop69

johnyjohn

Moderator

Date of registration:
Mar 28th 2008

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Android Security

Operating System:
Windows


2

Sunday, October 6th 2013, 9:07pm

Hello,

Ah, if you have already tried all that, I invite you to create a thread on the following forum to proceed with disinfecting your machine: https://forum.malekal.com/virus-aide-mal…res-hijack.html
The helpers there are very friendly and will get it sorted out without any problem.
Best regards :)
No support via private message
French-language telephone support is available for Avira Antivirus Premium and Avira Internet Security: here is the link
Tutorials in French: HijackThis - Rescue CD - Malwarebytes’
English Tutorials: HijackThis - Rescue CD - Malwarebytes’

  • "Plop69" started this thread


3

Sunday, October 6th 2013, 11:18pm

Thanks! I'll do it right away :).

Kind regards,

Plop69

johnyjohn


4

Monday, October 7th 2013, 6:22pm
