BleepingComputer.com: Infected with TDSS TDL4 rootkit with Google redirecting


Infected with TDSS TDL4 rootkit with Google redirecting need some expert help clearing this thing

#1 decan_tosh27

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 21-June 11

Posted 22 June 2011 - 12:48 AM

Hi BC!

I was infected last week with the PC Recovery Virus (which I believe was executed from visiting a link in a WP plugin that was being installed using the admin… or this was timed with a recent batch of WinXP SP3 updates).

Attempts to get rid of it haven't worked -- I managed to clear out the original issue and unhide everything. A day later (last week) the browser started the Google Redirect virus, which, upon further investigation, may be a nice rootkit of the TDL4 nature, as I am showing an infected volsnap.sys file on a RootKitBuster, GMER, and RootKitRevealer scan.

When running Task Manager I also see iexplorer active (where IE creates a bunch of files and the computer slows). All said, I have downloaded several anti-virus, spyware, malware, etc. programs (online and local) but cannot get rid of this pest. I am aware of the warnings surrounding running ComboFix but have run it – it hangs and will not complete. Even leaving it for 6 hours, it hangs where I believe the steps should be building (it passes the creating the restore point, etc.). There are warnings about AVG, but I have removed AVG first with their program, then with their uninstaller. It is not there from what I can tell.

Attempting to run TDSSKiller also doesn't seem to work, even with a different file name on the exe. I need your help and have taken this as far as I can on my own (yikes!).

Attached are the logs as requested for DDS.txt and attach.txt (as zip); GMER.txt will be added in a moment to the next post.

Attached the GMER file

Attached is the finished GMER file (there were a few hidden objects at the bottom) I missed.


This post has been edited by rigel: 22 June 2011 - 06:18 PM


#2 decan_tosh27

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 21-June 11

Posted 24 June 2011 - 12:05 PM

Seemed to have found a fix which worked - and removed the rootkit. Running all other scans now.

Similar to this post (good karma and creds to you!)
http://www.bleepingcomputer.com/forums/topic405270.html/page__p__2303683#entry2303683


MC MODERATOR - You can close this topic.

#3 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender: Male
  • Location: Antarctica

Posted 24 June 2011 - 12:12 PM

As this issue appears to be resolved, this thread will now be closed.

Thread Closed.

Kindest Regards,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
