Posted 02 January 2009 - 01:27 AM
Hi, a friend's laptop was infected with a version of TDSS. I was never able to go into safe mode while infected. Because one of the files infected was C:\WINDOWS\system32 indicating the folder and not a file. It was never able to be deleted. I also did not know that when I renamed the mbam.exe file... I needed to change it back before restarting the computer. Therefore, Malwarebytes never fully cleaned my computer because it could not find mbam.exe on restart. I had to use ComboFix, and it combined with SDFix fixed my safe mode option.
Another issue was the fake BSODs, which occurred when I tried to run a search and when I booted in safe mode. I ran Malwarebytes after using ComboFix and the computer is clean for now. After cleaning the system using CCleaner, deleting old restore points and creating a new restore point, installing antispyware and antivirus software (Avira), installing a firewall (Comodo), running Windows Update, and updating Adobe and OpenOffice on my friend's computer, Windows XP startup is extremely slow (screen goes black) and the sound files on startup skip. Also new is the option to select which operating system to load and it keeps going. There is only one, Windows XP SP3. I am thinking that I need to uninstall ComboFix and Recovery Console? I also read that I should consider making sure that DMA is enabled? Oh... one more thing: when TDSS was running rampant, Windows did not recognize the CD/DVD drive and now it does. Any ideas would be much appreciated. Thanks