Trojan.TDSS



#1 daldous


Posted 25 November 2009 - 01:55 PM

Hello,

I have a laptop infected with Trojan.TDSS. I've run MBAM on it, and it has removed entries regarding Trojan.TDSS. I rebooted the laptop, re-ran a complete scan, and it found Trojan.TDSS entries again.
I rebooted the laptop once again, and I'm still getting the same ideas.

Brief information on the system:
MBAM: downloaded yesterday, updated before running.
OS: XP SP3

How can I make sure Trojan.TDSS is completely removed?
I've searched the forum already and people have similar problems to mine. They had recommendations to run HJT/combofix/Rootkit Repealer but I figured I'd hold off on that until I got proper advice.



#2 daldous


Posted 25 November 2009 - 02:04 PM

Let me add some more details:
- I've had a (brief) look through the hidden devices in the Device Manager -- I saw nothing with the substring TDSS within it.
- The first two MBAM "Show Results" found files in c:\windows\system32 -- they had a random string of letters as the name and dll as the extension.

- The 3rd and latest scan with MBAM showed results in C:\SYSTEM VOLUME INFORMATION\_restore (something to that effect -- I don't have the exact string right now), and I suspected this was an infected System Restore point. I've disabled System Restore, and that has deleted all the restore points. I'm running a full scan with MBAM right now.



