system restore and safe mode + Acronis

  fourret 14:38 08 Sep 2008

Since installing Acronis True Image 10 Home, I have not been able to restart in Safe Mode or use System Restore. Also I can't use Acronis to restore (F11 on startup) because I can't use the mouse. Please can someone help?

  David4637 13:41 09 Sep 2008

What's your OS - Vista/XP?
Have you made an Acronis restore disc?

  fourret 16:54 09 Sep 2008

Thanks for the response. OS is XP SP2
and no, I haven't made an Acronis restore disc.

  Pineman100 17:03 09 Sep 2008

If only Acronis could do that, too.

  Ditch999 20:34 09 Sep 2008

You need to repair XP with an XP SP2 CD. Acronis has overwritten your boot record when it installed the F11 option.
click here for an article on how to repair XP. Please read it carefully and make sure you back up all your documents first.

Or you could try to fix the boot record directly by going Start>Run>cmd and type in
bootcfg /rebuild

Again, make sure you back up any important/valuable files first.

If they don't work then you can also try Start>Run>cmd and type in
sfc /scannow
You will need an XP CD with SP2 on it.

  fourret 07:42 10 Sep 2008

Thanks for your reply. I sorted Safe Mode (F5!) but if I do what you say will I be able to go back?
Reason for all this is I have a link redirect virus and I really want to get rid of it!

  crosstrainer 07:46 10 Sep 2008

You should have made the Acronis restore disc. After you have rid yourself of the virus, follow the instructions in TI and create the disc... It works in conjunction with the disc you make, and a safe hidden partition on your HDD.

  fourret 07:52 10 Sep 2008

Does anyone know how to get rid of it?

  crosstrainer 08:01 10 Sep 2008

Full instructions:

Please do this in the order given.

Download Malwarebytes' Anti-Malware (MBAM) from:
click here
and save the file to your desktop.

Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select 'Perform Quick Scan', then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Post the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please post the contents of both logs here in your next reply.

Please post the MBAM log and the RSIT log.txt.

  fourret 08:43 10 Sep 2008

Malwarebytes' Anti-Malware 1.28
Database version: 1135
Windows 5.1.2600 Service Pack 2

10/09/2008 09:25:51
mbam-log-2008-09-10 (09-25-51).txt

Scan type: Quick Scan
Objects scanned: 66352
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

  fourret 08:46 10 Sep 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:14, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
F:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\CyberLink\Shared files\RichVideo.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
F:\Program Files\PowerISO\PWRISOVM.EXE
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Cyberlink\Shared Files\brs.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
