
cant run tdskill


  • This topic is locked
9 replies to this topic

#1 wendyo

wendyo

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:10 PM

Posted 02 April 2012 - 01:17 PM

Hello, my computer has crashed and is not booting past the blue screen. I am able to boot Kaspersky Rescue Disk 10 and am able to get online. I downloaded the TDSSKiller virus removal tool from Kaspersky but I am unable to open either the executable file or the zip files as I can't access Windows. Nor can I find any instructions on how to use the "Terminal" function on Kaspersky Rescue Disk or any types of commands that might work. I have looked up various sites that claim manual removal instructions for this virus but all of them have different instructions so I have not tried any of them. I have read another thread here about you giving someone instructions on fixing the MBR.exe and I am pretty sure I need to fix my MBR too but have not tried any of that either. Is the "Terminal" function DOS? I am really in over my head and would greatly appreciate any help I could get. Thank you so much in advance.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 PM

Posted 08 April 2012 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I think you will find the necessary steps to run the Kaspersky tool.

http://support.kaspersky.com/viruses/solutions?qid=208285998

If at any time you need help please ask.

When ready please post the log and let me know what problem persists.

#3 nasdaq


Posted 14 April 2012 - 07:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 18 April 2012 - 09:48 AM

Topic reopened.

#5 wendyo


Posted 18 April 2012 - 10:33 AM

Hello, thanks for re-opening the topic. I tried to run the windowsunlocker but only got about half of what I should have (I think). I have attached the log from the file as directed on the Kaspersky page (I had to re-type it because my infected computer will not copy or print). I have also attached the readout from the terminal as it was slightly different from the log file. I am pretty sure the "wow64, and big poppa bingo" registries should not be there, right? But I have no idea how to edit them.

Thank you so much for all your help,

wendy

Attached file: windowsunlocker 2.rtf (1.5KB)



#6 nasdaq


Posted 18 April 2012 - 01:09 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Post the logs if you can.

Let me know of the current problems with this computer.

#7 wendyo


Posted 19 April 2012 - 02:25 AM

Hello, I have already tried to open and run the TDSSKILL program but it wants me to find a program to open it with (and all the ones available within Kaspersky Rescue Disk: Konqueror, Dolphin, Terminal, Konsole etc. can not open it and most certainly can't unpack a zipped file). I am booting up the Kaspersky disk without being able to access Windows. I can see it and all its files but can't access it. So I am operating in Linux only, if I understand? That's one of the reasons I was asking about how to get into DOS, because I figured I could try and run the TDSKILL.exe from there. Also, if my computer is operating off the Kaspersky Rescue Disk (on a CD), how am I supposed to run another at the same time? I have also tried a flash drive but it couldn't open it either.

#8 nasdaq


Posted 19 April 2012 - 09:53 AM

Can you find a way to run these tools?

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Using the infected computer or the method above download these files.

RKill Download Link

FixNCR.reg

===

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.

Download FixNCR.reg

Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.

If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer's icon, or any other browser's icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.

Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
===

Can you now run .exe files...

Keep me posted.
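
The .exe association hijack described in post #8 can be checked for in a registry export. The sketch below is an added example, not part of the original thread and not the contents of FixNCR.reg. It assumes the stock Windows values `exefile` and `"%1" %*`; the function names, `SAMPLE_EXPORT` and the placeholder path are constructed for illustration.

```python
import re

# Stock Windows values for launching .exe files, relative to a Classes root.
EXPECTED = {
    ".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
}
# Roots that hold file associations; per-user entries override machine-wide ones.
ROOTS = (
    "hkey_classes_root\\",
    "hkey_current_user\\software\\classes\\",
    "hkey_local_machine\\software\\classes\\",
)
# Constructed sample (not from the thread); real regedit exports are UTF-16 text.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"
'''

def unescape(value):
    """Undo .reg string escaping (backslash before backslash or quote)."""
    return re.sub(r"\\(.)", r"\1", value)

def find_exe_hijacks(reg_text):
    """Return (key, found, expected) for every non-default .exe handler."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = re.fullmatch(r'@="(.*)"', line)
        if key is None or match is None:
            continue
        for root in ROOTS:
            sub = key.lower()[len(root):]
            if key.lower().startswith(root) and sub in EXPECTED:
                found = unescape(match.group(1))
                if found != EXPECTED[sub]:
                    findings.append((key, found, EXPECTED[sub]))
    return findings

if __name__ == "__main__":
    for key, found, expected in find_exe_hijacks(SAMPLE_EXPORT):
        print(f"{key}\n  found:    {found}\n  expected: {expected}")
```

A per-user override under `HKEY_CURRENT_USER\Software\Classes` takes precedence over the machine-wide entry, which is why the check covers all three roots.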

#9 wendyo


Posted 24 April 2012 - 03:11 AM

I suddenly got swamped at work, so bear with me. I will try these steps ASAP and keep you posted. Thank you.

#10 nasdaq


Posted 30 April 2012 - 08:01 AM

Are you still with me?



