
TDSSntlv.dll, causing havoc!


  • This topic is locked
8 replies to this topic

#1 Domobaby


Posted 19 December 2008 - 08:46 AM

Hi all,

Been having some real trouble recently with a lot of malware. It seems when I remove some of the harmful files my computer reverts to BSOD within 5 minutes of bootup.

The virus(es?) have hijacked my Internet Explorer and take me to webpages that aren't at all related to what I wanted. It appears TDSSntlv.dll has something to do with this.

I now get messages that it is not designed for Windows or needs reinstalling whenever I start up or try and open up programs. I try and run Malwarebytes Anti-Malware as an administrator and then the same error comes up saying TDSSntlv.dll has encountered an error. So I have no chance of running the scan.

Same with Norton, I try and run the scan but BSOD occurs so it can't finish.

Please help

Cheers Dom



#2 buddy215


Posted 19 December 2008 - 09:14 AM

You must consider your computer as being totally compromised.
The malware you have is a rootkit/backdoor.

Any financial info on your computer such as PayPal, checking accts., credit cards, etc. may have been harvested by the malware. You should immediately change all passwords using a different computer and monitor your credit cards, bank accts., etc.

The only way to be sure the malware is completely off your computer is to wipe the hard drive, reformat and reinstall your OS and programs.

If you don't want to do that, you can try running the scans in safe mode.

Try using SD Fix, too. Instructions are in the link below.
http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#3 exile360


Posted 19 December 2008 - 09:17 AM

Greetings Domobaby, lots of people have been getting hit with this lately. To fix it, please try going to your device manager (click on the orb and type dev and press enter) then go to View at the top of Device Manager and select Show Hidden Devices, then expand the list under Non-Plug and Play Devices and look for the TDS driver then right click it and Uninstall it. Then give Malwarebytes' a go again and see if it will work without blue screening. If not, let me know and we'll try another tool.

edit: My bad buddy215, I didn't realize you were replying as well.

Edited by exile360, 19 December 2008 - 09:19 AM.


#4 Domobaby


Posted 19 December 2008 - 09:32 AM

Hi exile and buddy,

Thanks for the quick replies. I'm in my university library at the moment researching the issue. I'm happy to try as many tools as necessary, and if wiping the hard drive is the final outcome I will just make sure I get all my uni work off beforehand, otherwise I am really in trouble.

Buddy, I don't do online banking etc., but I will monitor my card as I have purchased things on the internet before. I can't think which passwords to change (I am a student, I'm at my overdraft limit lol). Norton doesn't run in safe mode, which is a nightmare, and the same error occurs on Malwarebytes in safe mode.

I will try your method, exile, thanks, but it won't be until later. Are there any other tools you could show me so I can get them now and put them on USB for later? Also, I found last night a file named icf.exe, I think it was, and that was created the same time as a lot of other dodgy files I have seen.

Cheers Dom

#5 exile360


Posted 19 December 2008 - 11:26 AM

At the moment, my only other thought aside from disabling the TDS driver through the device manager would be to try Autoruns (Microsoft Sysinternals) to disable it (if it shows up in Autoruns) and anything else that shouldn't be there, but the safest bet (aside from formatting) is to simply disable that driver through the device manager and run Malwarebytes. Just be sure to update it (Malwarebytes) and do a quick scan after you've disabled the offending driver. It should get rid of most of it (if not all of it), then you should do a virus scan with your antivirus and at least one other online scanner to double check that you're clean. I would recommend Kaspersky for your second opinion: http://usa.kaspersky.com/products_services...rus-scanner.php Do a full scan and post back if it finds anything.

#6 Domobaby


Posted 19 December 2008 - 11:45 AM

Thanks a lot exile,

I will spend time on this later. I have a housemate's computer I use to download anything and cart it over on a USB. It could be the case that when I try to update Malwarebytes the same malware that blocks web pages could block the update. I understand this is a recent rootkit and Malwarebytes needs updating.

I will keep you posted.

Cheers Dom

#7 exile360


Posted 19 December 2008 - 02:26 PM

Yeah, you won't be able to update Malwarebytes until you disable that driver (which is the rootkit); it blocks Malwarebytes from running and it blocks their site (this includes updating). If you have it already installed on your housemate's PC you could simply run it, update it, then copy this text into Notepad and save it as grab defs.bat (save as type All Files) and then run it. It will grab the definitions file for you from MBAM's folder and place it in the same place as the batch file itself:

copy "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" "%cd%"

Then, take the installer for MBAM (Malwarebytes' Anti-Malware), rename it and place it on your flash drive along with the rules.ref file and the following batch file, which will install the definitions for you after you install MBAM on the infected PC:

copy rules.ref "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"

Create the second batch file the same way you created the first and name it something like install defs.bat

After you do all of this, navigate to C:\Program Files\Malwarebytes' Anti-Malware and rename the file mbam.exe to something like scanner.exe and run it. You should be able to perform a scan then and you'll have the newest definitions. If you need any more help on how to do this stuff just let me know.

Edited by exile360, 19 December 2008 - 02:30 PM.
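
The two copy steps from the post above, combined into one script with existence checks and a byte-for-byte verification of the copy. This is an added example, not part of the original post; the script name `defs.bat` and its `grab` / `install` arguments are hypothetical, and the definitions path is the one given in the post.

```batch
@echo off
rem Added example (hypothetical defs.bat), kept on the flash drive.
rem   defs.bat grab     on the clean PC, after updating MBAM there
rem   defs.bat install  on the infected PC, after installing MBAM
setlocal
rem Definitions folder as given in the post above.
set "MBAMDATA=%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"
rem Folder this script lives in (ends with a backslash).
set "HERE=%~dp0"

if /i "%~1"=="grab" goto grab
if /i "%~1"=="install" goto install
echo Usage: %~nx0 grab ^| install
exit /b 2

:grab
if not exist "%MBAMDATA%\rules.ref" (
    echo rules.ref not found. Install and update MBAM on this PC first.
    exit /b 1
)
copy /y "%MBAMDATA%\rules.ref" "%HERE%rules.ref" >nul || exit /b 1
goto verify

:install
if not exist "%HERE%rules.ref" (
    echo rules.ref is not next to this script. Run "grab" on the clean PC first.
    exit /b 1
)
if not exist "%MBAMDATA%" (
    echo MBAM data folder not found. Install MBAM before the definitions.
    exit /b 1
)
copy /y "%HERE%rules.ref" "%MBAMDATA%\rules.ref" >nul || exit /b 1
goto verify

:verify
rem fc /b compares the two files byte for byte; errorlevel 0 means identical.
fc /b "%HERE%rules.ref" "%MBAMDATA%\rules.ref" >nul
if errorlevel 1 (
    echo The copy does not match the source file. Copy it again.
    exit /b 1
)
echo rules.ref copied and verified.
exit /b 0
```

Because the script uses its own folder (`%~dp0`) rather than the current directory, it works the same whether it is double-clicked or started from a command prompt.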


#8 Orange Blossom


Posted 19 December 2008 - 02:29 PM

Moved from Vista forum to Am I Infected. ~ OB

#9 boopme


Posted 19 December 2008 - 04:24 PM

Closing this as I have it here: http://www.bleepingcomputer.com/forums/t/187737/tdssntlvdll-preventing-malwarebytes-google-problems/