MBAM removed Rootkit.TDSS



#1 Arkhyz

  • Members
  • 9 posts
  • Location: Wyoming
Posted 27 September 2009 - 11:11 AM

The other day I ran an MBAM scan.
I noticed less than a week ago that another member of the household (who really should know better) had visited p--n sites. A few days after, the taskbar exploded with a whole bunch of programs. It was as if all of the system tray and background programs suddenly had active windows. (I thought I was just being butterfingers and had accidentally hit the wrong combo of keys. I have a special knack for that, especially since the left-side Ctrl key sticks occasionally.)
But maybe it was something else...?

No other symptoms.

MBAM said I had a rootkit called TDSS. Specifically, it said:
Malware.Trace
Rootkit.TDSS
Disabled.SecurityCenter
Disabled.SecurityCenter (this was listed twice)

What I Have Done
I opened the Windows Security Center and it appeared to be functioning normally, but I am learning that very little can be trusted if I truly have a rootkit on my system.
I visited BleepingComputer to see what I should do. Printed guidelines.
I downloaded fresh copies of DDS and RootRepeal and renamed them.

I pulled the cord on the internet and uninstalled several programs. Some were old security scanners which I feared were no longer trustworthy. Some were just old programs that I rarely used.

I also cleared out files in the temp folder (C:\Documents and Settings\Compaq_Owner\Local Settings\Temp) except IadHide5.dll, which said it was in use.

I ran MBAM again and let it do its thing. Rebooted and ran it again. MBAM doesn't show anything anymore.
Ran DDS and RootRepeal and saved the logs.

Am I Infected?

Additional Info
OS: Windows XP, service pack 3
In January 2009, I received help here in removing Vundo.

I am keeping this computer disconnected from the internet, but I will receive immediate email notification on my phone.

Thanks in advance!
~Kristin
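The Disabled.SecurityCenter lines in the MBAM report refer to registry values under HKLM\SOFTWARE\Microsoft\Security Center (AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify) that malware sets to 1 to silence Security Center alerts; a Security Center window that "looks normal" says nothing about those values. The script below is an added example, not code from the thread or from MBAM, RootRepeal or DDS: it reads those three values, lists the antivirus and firewall products Security Center has registered through WMI, and offers a reset function. It assumes Windows PowerShell 2.0 or later run from an Administrator account; the function and variable names are made up for the example.

```powershell
# Added example, not from the thread. Reads the Security Center
# notification-disable values that MBAM reports as Disabled.SecurityCenter,
# and lists what Security Center itself has registered through WMI.
# Assumes Windows PowerShell 2.0+ run as Administrator. A kernel-mode
# rootkit can filter both the registry and WMI as seen from user mode,
# so a clean result here is not proof of a clean machine.

$ScKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Value names MBAM flags as Disabled.SecurityCenter when their data is 1.
# 0 (or the value being absent) means Security Center alerts are enabled.
$NotifyValues = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

function Get-SecurityCenterNotifyState {
    # One object per value: name, current data, and whether it is in the
    # expected (alerts enabled) state.
    foreach ($name in $NotifyValues) {
        $item = Get-ItemProperty -Path $ScKey -Name $name -ErrorAction SilentlyContinue
        $data = $null
        if ($item) { $data = $item.$name }
        New-Object PSObject -Property @{
            Value = $name
            Data  = $data
            Ok    = ($data -eq $null -or $data -eq 0)
        }
    }
}

function Get-SecurityCenterProducts {
    # XP SP2/SP3 expose root\SecurityCenter; Vista and later use
    # root\SecurityCenter2, whose classes carry a productState bitmask
    # instead of the older boolean properties.
    $ns = 'root\SecurityCenter'
    if ([Environment]::OSVersion.Version.Major -ge 6) { $ns = 'root\SecurityCenter2' }

    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        try {
            $products = Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop
        } catch {
            Write-Warning "Could not query ${ns}\${class}: $($_.Exception.Message)"
            continue
        }
        foreach ($p in $products) {
            if ($p.PSObject.Properties['productState']) {
                $state = "productState=0x{0:X}" -f [int]$p.productState
            }
            elseif ($p.PSObject.Properties['onAccessScanningEnabled']) {
                $state = "onAccess=$($p.onAccessScanningEnabled) upToDate=$($p.productUptoDate)"
            }
            else {
                $state = "enabled=$($p.enabled)"
            }
            New-Object PSObject -Property @{
                Class       = $class
                DisplayName = $p.displayName
                State       = $state
            }
        }
    }
}

function Reset-SecurityCenterNotify {
    # Puts all three values back to 0. Only worth doing after the infection
    # itself has been removed; otherwise the malware just sets them again.
    foreach ($name in $NotifyValues) {
        Set-ItemProperty -Path $ScKey -Name $name -Value 0 -Type DWord
    }
}

"== Security Center notification values ($ScKey) =="
Get-SecurityCenterNotifyState | Format-Table Value, Data, Ok -AutoSize

"== Products registered with Security Center =="
Get-SecurityCenterProducts | Format-Table Class, DisplayName, State -AutoSize
```

Run it after MBAM has quarantined the flagged values and again after the next reboot: if any value has gone back to 1, something is still active and re-setting it. Because TDSS-family rootkits run in kernel mode and can hide registry keys, files and drivers from user-mode tools, this check complements rather than replaces an anti-rootkit scan, which is why the reply below asks for the RootRepeal log.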

#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender: Male
Posted 27 September 2009 - 05:28 PM

Please post the RootRepeal log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



