Viruses
=======
Removing and Cleaning Up TDSS Guide for 1/2010 - malwarekilla (the man)
|http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/
|\\?\globalroot\Device\__max++>
|\\?\globalroot\Device\__max++>\(8-digit-hex-code).x86.dll
|It appears to have created a virtual device called __max++>; find it in registry under enum.
Alureon.cx rootkit, Fasec Trojan
Rootkits - drivers\*.sys, TDS*.*, mssync20.*, ovfs*.*, UAC*.*
Hijack: HKLM\SW\MS\Windows NT\CurVer\Image File Execution Options\explorer.exe
|HK_CLASSES_ROOT\.exe\shell\open\command
|HK_CLASSES_ROOT\secfile\shell\open\command
Virus Tools: GooRedFix - Google Redirect
mbr catchme
Combofix, Gmer, MBAM, TDSSKiller (Kaspersky)
drweb (remover), mbam (malwarebytes), gmer, sas (super antispyware), combofix
GMER - http://www.gmer.net
SysProt AntiRootKit - http://sites.google.com/site/sysprotantirootkit
AVZ - http://www.z-oleg.com/avz4.zip
DDS - http://download.bleepingcomputer.com/sUBs/dds.scr
ComboFix - http://www.combofix.org/download.php
Malwarebytes - http://www.besttechie.net/tools/mbam-setup.exe

Microsoft KnowledgeBase Articles (support.microsoft.com)
========================================================
Stop messages: http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prmd_stp_tnvo.asp
KB264672: MSOEXP won't keep password
KB319901: Outlook contacts
KB155217: CDROM autorun enable/disable
KB310715: Info: Scheduled Tasks don't run on WinXP without User Account password
KB315231: XP Automatic Logon (also control userpasswords2, or delete extra User Account ASP.net)
|HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\
|DefaultUserName[String], DefaultPassword[String], AutoAdminLogon[String]=1
KB815485 adds WPA support to WinXP (SP1 only)
KB921914 Disable Windows Genuine Advantage notifications
KB920074 Reinstall Windows Firewall
KB927223: Save As and Office 2007
KB290684: Outlook 2002 doesn't save passwords in Vista

Email
=====
pop-server.satx.rr.com, smtp-server.satx.rr.com, webmail.satx.rr.com, dialaccess.rr.com, 244-0500
pop.att.yahoo.com SSL 995, smtp.att.yahoo.com SSL 465, auth req
pop.bizmail.yahoo.com: same pattern as AT&T: SSL, 465/995 (address includes custom domain), http://mail.[customdomain].com
plus.pop.mail.yahoo.com SSL 995, plus.smtp.mail.yahoo.com SSL 465, 587, (acct name without @yahoo.com), auth required
pop.aol.com SSL 995, imap.aol.com SSL 993, smtp.aol.com SSL 587, username without @aol.com
pop.gmail.com SSL 995, smtp.gmail.com SSL 465, imap.gmail.com SSL 993, requires auth, full email address
pop.gvtc.com, smtp.gvtc.com, auth. req., standard ports
mail.grandecom.net (POP & SMTP)
Sprint PCS Authenticated SMTP: smtp.sprintpcs.com, www.sprintpcs.com/mypcs (register for access) username (only the part before the @)
GoDaddy: pop.secureserver.net, smtpout.secureserver.net, user name: complete address including custom domain, http://email.secureserver.net
|In order to use this server to send e-mails, you must first activate SMTP relay on your e-mail account. Log on to your Manage Email Accounts page to set up SMTP relay.
|Auth Required; POP: No SSL 110, SSL 995; SMTP: No SSL 25, 80, 3535, SSL - 465; IMAP No SSL 143, SSL 993
AOL Webmail forwarding: for Text & Pictures, DO NOT FORWARD. Copy & paste into new msg with Rich Text Editor.
|For other attachments, Forward, change to Plain Text editor (Other people's Rich Text fails to send).

Internet Providers
==================
voglerkids@sbcglobal.net/3bbees4mee
AT&T Registration
|attreg@att.net, pw: attreg; https://attreg.att.net
|Old Username: sbcyahooreg@sbcglobal.net, Password: sbcyahooreg
|https://help.sbcglobal.net/register = https://204.60.203.227/register
|https://attreg.att.net/register = https://144.60.97.91/register or 144.160.11.35/register
|https://sbcreg.sbcglobal.net to get username/password [SECURE!]
helpme.att.net
Dialup 228-3410, 477-1290/91/93/98/99
DNS: 151.164.17.201, 151.164.11.201, 151.164.1.8, 206.13.28.12
Homeportal DSL modem/router: log in to router: homeportal/setup homeportal/management > click resets to reset modem/router
AT&T 1-877-722-3755
AOL: 1-888-265-8003 (reset pwd: 2,3) or 265-8008
Reset Pwd: log in with pwd="reset", then again "reset"
AOL High Speed: 1-888-418-9609
Yahoo 1-408-349-7770 (for paying customers)
MSN Support 1-800-386-5550
Dialup: MSN/username; 448-9882, 247-2184, 748-1004
Dell Technical Dept. 1-800-624-9896 or 9897
Time Warner: 244-0500
More AT&T: 1-866-596-8455 (Robt Bell)