Old 11-30-2010, 10:15 AM   #1
Beta Member
 
Join Date: Nov 2010
Posts: 3
Default PC Infected by rootkit.tdss.aw virus

I am running Windows XP and the Bitdefender antivirus software. Bitdefender notified me that it caught the rootkit.tdss.aw virus; however, soon after, my PC automatically rebooted. It gets past the BIOS tests but will not boot to Windows. I removed the hard drive, put it into another PC and ran the Bitdefender antivirus software on the drive, and it detected the virus again but couldn't remove it.
I put the drive back into the original computer and ran bitdefender from the rescue CD but it did not detect any viruses.
I then ran the Windows XP setup with the repair option. It completed successfully but I still can't get the PC to start Windows.
I have now acquired a new hard drive and am in the process of installing Windows XP. I can still see the data on the original hard drive so I at least can still get at my old data.

Any suggestions for getting the original drive and Windows working, as I would prefer not to have to re-install all my software?

PS: I ran a backup a couple of months ago; however, for some reason I can't access it. Should have tried a test restore I guess. Live and learn.

rebby
Old 12-02-2010, 02:29 AM   #2
Fully Optimized
 
cavemangrinder's Avatar
 
Join Date: Oct 2007
Location: USA
Posts: 1,540
Default Re: PC Infected by rootkit.tdss.aw virus

Reconnect the hard drive to your other PC again and run Malwarebytes and SuperAntispyware, both free programs. See if those can remove the infection off the hard drive for you. If not, I read somewhere on a forum that Spyware Doctor had been successful at removing variants of that malware.

cavemangrinder
Old 12-02-2010, 03:37 PM   #3
Beta Member
 
Join Date: Nov 2010
Posts: 3
Default Re: PC Infected by rootkit.tdss.aw virus

Ran CHKDSK and it came up clean. Then tried Kaspersky Rescue CD, which found the virus Rootkit.win32.tdss.mb in /dev/hdb; however, it was unable to remove it.
I'll look into Malwarebytes and SuperAntispyware to see if they can be run from a boot disc.

rebby
Old 12-05-2010, 11:00 PM   #4
Solid State Member
 
Net_Surfer's Avatar
 
Join Date: Jun 2009
Posts: 6
Default Re: PC Infected by rootkit.tdss.aw virus

Download TDSSKiller.exe (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory (usually Local Disk C).
  • Post this log in your next message.

If needed, see the TDSS Rootkit Removing Tool website for detailed instructions on running TDSSKiller.

Net_Surfer
Old 12-06-2010, 12:12 PM   #5
Beta Member
 
Join Date: Nov 2010
Posts: 3
Thumbs up Re: PC Infected by rootkit.tdss.aw virus

Well thanks to everyone for their help. I received the information about TDSSKiller from another site as well.
I ran the Kaspersky Boot Rescue disk and it did find the virus; however, it was unable to remove it.
I wasn't aware of TDSSKiller, so I decided to get another hard drive so that I could boot my PC and save my data from my old primary drive.
As my PC wouldn't boot on its own and TDSSKiller had to reside somewhere to run, I installed Windows and booted the PC from there.
I then downloaded TDSSKiller onto my new drive and ran TDSSKiller against my other drive, and it removed the virus. I switched hard drives and was back in business, sort of.
In my attempts to resolve the problem I tried to run Windows XP Install/Repair process. After I got my old primary drive up I found that I was back to Windows XP SP1. After numerous hours of reinstalling Microsoft updates I'm back in business again.

Lessons learned: all antivirus software has its pros and cons. Bitdefender works better than my old old Norton but didn't catch the virus, and their technical support had no remedy for my problem.
Kaspersky Rescue CD worked best to find the problem and their virus killer did the job.
As Kaspersky saved the day for me, I'm going to use them next time I have to get new antivirus software.
The technician at the computer store that I bought the hard drive from told me that he only uses free antivirus software. There are a number of good ones out there. So far the experiences I have had indicate he might be right.

rebby
Old 12-07-2010, 03:52 PM   #6
Fully Optimized
 
NeXuS's Avatar
 
Join Date: Dec 2005
Posts: 2,960
Default Re: PC Infected by rootkit.tdss.aw virus

TDSSKiller is not working for me. I am having serious problems removing this crap.

NeXuS
Old 12-11-2010, 10:25 PM   #7
Solid State Member
 
Net_Surfer's Avatar
 
Join Date: Jun 2009
Posts: 6
Default Re: PC Infected by rootkit.tdss.aw virus

Quote:
Originally Posted by NeXuS
TDSSKiller is not working for me. I am having serious problems removing this crap.

If you are running XP or Vista, you can try running the ComboFix tool, which is another way to get these infections.

If XP, ensure that you allow ComboFix to install the Recovery Console.

Please visit this webpage for instructions if you have problems downloading and running ComboFix:
>> A guide and tutorial on using ComboFix <<

If you need help acting on the resultant log I will be happy to help you get the rest of the baddies.

Kind Regards
Net_Surfer
Old 12-13-2010, 05:34 AM   #8
Solid State Member
 
Join Date: Oct 2010
Posts: 10
Default Re: PC Infected by rootkit.tdss.aw virus

Rootkit.TDSS is a rogue rootkit application that has the backdoor ability to permit an attacker to gain remote unauthorized access. Rootkit.TDSS should be removed promptly.

Search and kill the following processes
# Please go to “Start” and then click on “Run”
# Now in the Run command box, type “taskmgr.exe”, and then click on “OK”
# OR, please press “Alt+Ctrl+Delete”, then click on “Task Manager”
# Now select the file name and then click on “End Task” to kill the process.

Remove Rootkit.TDSS Virus files & folders
# Please go to “Start” and then click on “Run”
# Now in the Run command box, type “cmd”, and then click on “OK”
# Type “regsvr32 /u filename.dll” where “filename” is the name of the file that you would like to unregister.

Remove/Modify corrupt Registry Entries
# Please go to “Start” and then click on “Run”
# Now in the Run command box, type “regedit”, and then click on “OK”
This option will open the Registry Editor, where you can delete and modify the Registry Entries.
There is no problem finding any Registry Entry if you know what you are looking for. Otherwise you can search for the registry key with the search option of Registry Editor. For this, just press “Ctrl + F” to locate the key that contains the value you want to delete or modify.

SofiaBrown
Old 12-13-2010, 11:44 AM   #9
In Runtime
 
thompatry's Avatar
 
Join Date: Feb 2010
Posts: 145
Default Re: PC Infected by rootkit.tdss.aw virus

My recommendation is to reformat the computer. Boot into some form of Linux (Ubuntu is my preference), and back up the files that you need. Once you do that, go ahead and wipe the computer and start from the beginning. Yes, I know, it is a lot of work, but it will assure you that you will have a clean, uninfected computer. One last note I will leave you with: when you do want to reformat, in the XP installation disk, make sure you wipe the drive with the slower wipe.

thompatry
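Added example, not part of any post in this thread: one way to do the "back up your files from a Linux live session" step so that the copy is actually read back and checked before the old drive is wiped, which is the test restore the original poster wished he had done. The mount points in the usage comment are hypothetical, and GNU coreutils/findutils (as on an Ubuntu live CD) are assumed.

```shell
#!/bin/sh
# Added example: copy data off the old drive and verify the copy by hash.
# Hypothetical usage: backup_and_verify "/mnt/olddrive/Documents and Settings" /mnt/backup
# (assumes the old drive is mounted read-only in the live session)

# make_manifest DIR OUTFILE
# Write the SHA-256 of every regular file under DIR, with paths relative to DIR.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# verify_manifest DIR MANIFEST
# Re-read every file under DIR and compare it with MANIFEST (absolute path).
# Returns non-zero if any file is missing, unreadable or differs.
verify_manifest() {
    ( cd "$1" && sha256sum --quiet -c "$2" )
}

# backup_and_verify SRC DST
# Hash SRC, copy it to DST/data, then verify the copy against the SRC hashes.
backup_and_verify() {
    [ -d "$1" ] || { echo "source $1 not found" >&2; return 2; }
    mkdir -p "$2/data" || return 2
    dst=$(cd "$2" && pwd) || return 2          # absolute path for the manifest
    manifest="$dst/manifest.sha256"

    make_manifest "$1" "$manifest" || return 2
    # An empty manifest means nothing was found to back up: treat as failure.
    [ -s "$manifest" ] || { echo "no files found in $1" >&2; return 2; }

    cp -a "$1/." "$dst/data/" || return 2      # keeps timestamps and hidden files
    verify_manifest "$dst/data" "$manifest"
}
```

Keeping `manifest.sha256` next to the data lets `verify_manifest` be rerun later, for example after the backup has been copied to another disk.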