
OffTopic

Surf a Flood of random discussion.
Edited by The Manliest Man: 1/20/2013 11:38:26 PM
6

What are these files? Virus Help.

Ok, today my Norton anti-virus told me I needed to restart to remove a threat, so I did. It says it was a "Backdoor Tidserv". I've tried Googling it, but found nothing, so please refrain from telling me to Google it/telling me Norton sucks. The file name was b3b7.tmp, and the threat name was "Backdoor.Tideserv". The infected files that were removed were: c:\programdata\microsoft\windows\drm\b3b7.tmp and c:\programdata\microsoft\windows\drm\b3b8.tmp. Any ideas on what these are/where they came from are greatly appreciated so I can avoid them in the future. Thanks!


  • Edited by FatherlyNick: 1/21/2013 2:27:58 AM
    I would recommend getting the necessary tools for scanning/removing stuff like that. Go offline and start cleaning up your system. Make sure your PC has no access to ANY network, local intranet, internet, any sort of NAT - nothing. This is to minimise the spread, a sort of quarantine if you will. Now, when your machine is in quarantine, perform the necessary scans for threats and remove them and any traits for them. Try and recall the source of where the infection was gotten and block that site using your browser. In future, if you notice something fishy going on with your PC, quickly (and I mean quickly) disconnect it from all networks, pull the damn ethernet cable, do whatever you can to get your PC isolated.


    1 Reply
    • Did you just randomly get it? Or were you on a sketchy website or something?


    • If you're still unsure about it, you can use this [url=http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe]recommended rootkit removal tool[/url].


    • Really? Because I Googled it, and [url=http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99]the very first link[/url] was a Symantec site that explains in detail what it is. Basically, it's a rootkit designed to slap adware on everything. Generally the only way to really remove a rootkit is to reinstall the OS, but if that's not an option then make sure to do a few more scans a while after Norton removes it to make sure it doesn't come back.


    • Edited by Wyldfyre: 1/21/2013 12:15:28 AM
      They're self-installing malware droppers. They're Trojan horses. They display advertisements, change search results and open "back doors" to your system for other types of malware. They're also known as 28C6.TMP, B3B7.TMP, Alureon, TDSS and TDL. They originate from Portugal and Poland. Don't worry about it if your AV says they're cleared now though. Stuff like that just drops off the internet sometimes, you can't really help it.


      3 Replies
      • [quote]so please refrain from telling me to Google it[/quote]:(
