PC Infected by rootkit.tdss.aw virus

rebby (Beta member, 3 messages)
I am running Windows XP and the Bitdefender antivirus software. Bitdefender notified me that it caught the rootkit.tdss.aw virus; however, soon after, my PC automatically rebooted. It gets past the BIOS tests but will not boot to Windows. I removed the hard drive, put it into another PC and ran the Bitdefender antivirus software on the drive. It detected the virus again but couldn't remove it.
I put the drive back into the original computer and ran Bitdefender from the rescue CD, but it did not detect any viruses.
I then ran the Windows XP setup with the repair option. It completed successfully, but I still can't get the PC to start Windows.
I have now acquired a new hard drive and am in the process of installing Windows XP. I can still see the data on the original hard drive, so I can at least still get at my old data.

Any suggestions for getting the original drive and Windows working? I would prefer not to have to reinstall all my software.

PS: I ran a backup a couple of months ago; however, for some reason I can't access it. Should have tried a test restore, I guess. Live and learn.
 
Reconnect the hard drive to your other PC again and run Malwarebytes and SuperAntiSpyware, both free programs. See if those can remove the infection from the hard drive for you. If not, I read somewhere on a forum that Spyware Doctor had been successful at removing variants of that malware.
 
Ran CHKDSK and it came up clean. Then tried the Kaspersky Rescue CD, which found the virus Rootkit.win32.tdss.mb in /dev/hdb but was unable to remove it.
I'll look into Malwarebytes and SuperAntiSpyware to see if they can be run from a boot disc.
 
Download TDSSKiller.exe (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory ( usually Local Disk C ).
* Post this log to your next message.

If needed see the TDSS Rootkit Removing Tool website for detailed instructions on running TDSSkiller.
 
Well, thanks to everyone for their help. I received the information about TDSSKiller from another site as well.
I ran the Kaspersky Boot Rescue disk and it did find the virus but was unable to remove it.
I wasn't aware of TDSSKiller, so I decided to get another hard drive so that I could boot my PC and save my data from my old primary drive.
As my PC wouldn't boot on its own and TDSSKiller had to reside somewhere to run, I installed Windows on the new drive and booted the PC from there.
I then downloaded TDSSKiller onto my new drive, ran TDSSKiller against my other drive, and it removed the virus. I switched hard drives and was back in business, sort of.
In my attempts to resolve the problem I tried to run the Windows XP Install/Repair process. After I got my old primary drive up, I found that I was back to Windows XP SP1. After numerous hours of reinstalling Microsoft updates, I'm back in business again.

Lessons learned: all antivirus software has its pros and cons. Bitdefender works better than my old Norton but didn't catch the virus, and their technical support had no remedy for my problem.
The Kaspersky Rescue CD worked best to find the problem, and their virus killer did the job.
As Kaspersky saved the day for me, I'm going to use them next time I have to get new antivirus software.
The technician at the computer store where I bought the hard drive told me that he only uses free antivirus software. There are a number of good ones out there. So far, the experiences I have had indicate he might be right.
 
TDSSKiller is not working for me I am having serious problems removing this crap.
 

If you are running XP or Vista, you can try running the ComboFix tool, which is another way to get rid of these infections.

If on XP, ensure that you allow ComboFix to install the Recovery Console.

Please visit this webpage for instructions if you have problems downloading and running ComboFix:
>> A guide and tutorial on using ComboFix <<

If you need help acting on the resultant log I will be happy to help you get the rest of the baddies.

Kind Regards
Net_Surfer
 
Rootkit.TDSS is a rogue rootkit application with a backdoor capability that permits an attacker to gain unauthorized remote access. Rootkit.TDSS should be removed promptly.

Search for and kill the following processes
# Please go to "Start" and then click on "Run"
# Now in the Run command box, type "taskmgr.exe", and then click on "OK"
# OR, please press "Alt+Ctrl+Delete", then click on "Task Manager"
# Now select the process name and then click on "End Task" to kill the process.

Remove Rootkit.TDSS virus files & folders
# Please go to "Start" and then click on "Run"
# Now in the Run command box, type "cmd", and then click on "OK"
# Type "regsvr32 /u filename.dll", where "filename" is the name of the file that you would like to unregister.


Remove/modify corrupt registry entries
# Please go to "Start" and then click on "Run"
# Now in the Run command box, type "regedit", and then click on "OK"
# This will open the Registry Editor, where you can delete and modify registry entries.
# It is no problem to find a registry entry if you know what you are looking for. Otherwise, you can search for the registry key with the search option of the Registry Editor: just press "Ctrl + F" to locate the key that contains the value you want to delete or modify.
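The thread's working approach was to attach the infected disk to a clean machine and inspect it from there, since a running rootkit can hide its own files from tools on the infected system. The script below is an added example (not code from anyone in this thread, and not part of TDSSKiller or any other tool mentioned) of the basic check a defender can do offline: hash every file under a mounted drive's Windows tree and compare it with a baseline taken from a known-clean installation of the same Windows version and patch level, reporting modified, added and missing files. The directory layouts and driver contents are constructed sample data so it runs without a real disk; `build_demo` is a hypothetical helper that stands in for mounting the two drives.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large drivers don't fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root):
    """Map every file below root (relative, forward-slash path) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_file(full)
    return hashes


def compare_to_baseline(baseline, suspect):
    """Report files whose hash changed, files only on the suspect drive,
    and files the baseline has but the suspect drive lacks."""
    modified = sorted(p for p in baseline if p in suspect and baseline[p] != suspect[p])
    added = sorted(p for p in suspect if p not in baseline)
    missing = sorted(p for p in baseline if p not in suspect)
    return {"modified": modified, "added": added, "missing": missing}


def build_demo():
    """Constructed sample data: a 'clean' tree and a 'suspect' tree in temp dirs.
    In real use these would be the mount points of the baseline and infected drives."""
    clean = tempfile.mkdtemp(prefix="clean_")
    suspect = tempfile.mkdtemp(prefix="suspect_")
    # Constructed driver contents; the names are only sample paths, not findings.
    drivers = {
        "WINDOWS/system32/drivers/sample_a.sys": b"clean driver A bytes",
        "WINDOWS/system32/drivers/sample_b.sys": b"clean driver B bytes",
    }
    for root in (clean, suspect):
        for rel, data in drivers.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
    # Simulate what an offline comparison would surface: one driver whose
    # bytes no longer match the baseline, and one file with no baseline entry.
    tampered = os.path.join(suspect, "WINDOWS", "system32", "drivers", "sample_a.sys")
    with open(tampered, "wb") as f:
        f.write(b"driver A with unexpected modification")
    extra = os.path.join(suspect, "WINDOWS", "system32", "drivers", "unknown_extra.sys")
    with open(extra, "wb") as f:
        f.write(b"file not present in the baseline")
    return clean, suspect


if __name__ == "__main__":
    clean_root, suspect_root = build_demo()
    report = compare_to_baseline(hash_tree(clean_root), hash_tree(suspect_root))
    for kind, paths in report.items():
        print(kind, ":", ", ".join(paths) or "(none)")
```

A differing hash is a lead, not a verdict: legitimate updates also change files, which is why the baseline must match the suspect system's service pack and update level, and why a flagged file is then submitted to a scanner or checked against the vendor's signature rather than deleted on sight.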
 
My recommendation is to reformat the computer. Boot into some form of Linux (Ubuntu is my preference) and back up the files that you need. Once you do that, go ahead and wipe the computer and start from the beginning. Yes, I know, it is a lot of work, but it will assure you that you will have a clean, uninfected computer. One last note I will leave you with: when you do reformat, in the XP installation disk, make sure you wipe the drive with the slower wipe.
 