BleepingComputer.com: Windows XP Repair - TDSS rootkit


Windows XP Repair - TDSS rootkit

#1 cpued

Posted 03 July 2011 - 02:04 AM

Most of the issues I am experiencing are described here: http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-repair
This includes the HijackThis entry described in the article, "low disk space" warning, Google search redirect, hidden files, as well as the "Windows XP Repair" shortcut installed on the desktop.

It also includes indications that the TDSS rootkit has been installed. Malwarebytes received an error when trying to update. That's the point I get a little confused... the article defers on this variety, saying:

"this guide will not be able to help you and you should instead follow the instructions in this topic in order to receive one-on-one help in removing this infection"

I'm not entirely sure what that means, but if anyone has any helpful thoughts, I would be very much obliged.

Attached File: hijackthis.log (9.7K)

Best-Dave

#2 cpued

Posted 06 July 2011 - 10:41 PM

I found a very helpful link in removing and cleaning up from this infection. Computer seems to be operating normally again.

http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99&tabid=2

#3 Budapest

Posted 07 July 2011 - 04:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
