Posted 01 September 2009 - 06:00 AM
One of my friends managed to install this nasty rootkit onto my Vista Ultimate machine and I have had nothing but problems since. First it redirected search engines, then it installed Win Police Pro, then it killed access to all Windows executables unless you ran them in administrator mode. The rootkit was identified as Rootkit.TDSS by Malwarebytes and Spyware Doctor, but it was identified as Rootkit.Rustock[KBI] by SuperAntispyware. Spyware Doctor and SuperAntispyware failed to rid me of the pest, but Malwarebytes managed to remove most of it. Right now I'm stuck with 4 TDSS registry keys that won't delete. Malwarebytes detects them, but will not remove them. I've tried manual removal, and checked and added the appropriate registry permissions. They just won't go away and I'm afraid I haven't removed the infection. Although, the computer appears to work perfectly.
Malwarebytes' Anti-Malware 1.40
Database version: 2723
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmfqnmkfeu (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmlhphykoy (Rootkit.TDSS) -> Delete on reboot.
I can view these 2 keys but not delete them; they are where the injector is held. Although, I did manage to delete SOME of the files contained in there.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ytasfwqespetxa (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ytasfwycogfnfb (Rootkit.TDSS) -> Quarantined and deleted successfully.
I can't even view the contents of these keys, nor will they delete.
I can post full Malwarebytes logs and HJT logs if needed. Any help is appreciated.
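As an added example (not part of the original post, and not Malwarebytes' own tooling), the following script parses the "Registry Keys Infected" section of a Malwarebytes log in the format quoted above and separates entries the scanner could only schedule for "Delete on reboot" from those it already quarantined. The point for a responder is that "Delete on reboot" is a promise, not a result: those service keys must be re-checked after the reboot, and the script gives a list to check. The sample log is constructed from the four lines posted above; the log layout it assumes (one `HKEY_... (Threat) -> Action.` line per key under a header ending in "Infected:") is taken from the post and is an assumption for any other log version.

```python
import re
from typing import Dict, List

# Constructed sample: the log header and the "Registry Keys Infected" section
# exactly as quoted in the post, embedded so the script runs offline.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.40
Database version: 2723
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\kbiwkmfqnmkfeu (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\kbiwkmlhphykoy (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ytasfwqespetxa (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ytasfwycogfnfb (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# One detection line: registry path, threat name in parentheses, action after "->".
# The trailing period is optional so both "Delete on reboot." and "…successfully." parse.
ENTRY_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\[^ ]+) \((?P<threat>[^)]+)\) -> (?P<action>.+?)\.?$"
)

# Assumed Malwarebytes wording for a deletion deferred to the next boot.
PENDING_ACTION = "Delete on reboot"


def parse_mbam_registry_keys(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per line in the 'Registry Keys Infected:' section."""
    entries: List[Dict[str, str]] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):
            # Only the registry-key section is of interest here.
            in_section = line.startswith("Registry Keys")
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # tolerate stray lines rather than fail the whole parse
        path = m.group("path")
        entries.append(
            {
                "path": path,
                # The service name is the last path component; for TDSS these are
                # the random-looking names shown in the post.
                "service": path.rsplit("\\", 1)[-1],
                "threat": m.group("threat"),
                "action": m.group("action"),
            }
        )
    return entries


def pending_on_reboot(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries the scanner could not remove immediately and deferred to reboot."""
    return [e for e in entries if e["action"].startswith(PENDING_ACTION)]


def recheck_list(entries: List[Dict[str, str]]) -> List[str]:
    """Registry paths a responder should confirm are gone after the reboot."""
    return [e["path"] for e in pending_on_reboot(entries)]


if __name__ == "__main__":
    parsed = parse_mbam_registry_keys(SAMPLE_LOG)
    print(f"{len(parsed)} registry keys reported, "
          f"{len(pending_on_reboot(parsed))} deferred to reboot")
    for path in recheck_list(parsed):
        print("re-check after reboot:", path)
```

Run it against a saved log by reading the file into `parse_mbam_registry_keys` instead of `SAMPLE_LOG`; after the reboot, any path in the re-check list that still exists under `HKLM\System\CurrentControlSet\Services` means the deferred deletion did not happen and the service entry is still being protected.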