Malwarebytes found Rootkit.TDSS file, how do i get rid of it?


4 replies to this topic

#1 CaseyC

CaseyC

  • Members
  • 17 posts

Posted 15 December 2009 - 01:24 PM

First up, I'm on a Toshiba Satellite laptop running XP Media Center Edition 2002. My computer has been acting up lately, and I'm deployed outside the US so I can't bring it to the local computer gurus to fix, so I'm trying to do it myself. Unfortunately, I don't know enough, so I'm here. The last 2 days I would be working on the computer in Internet Explorer and it would freeze on me, locking up everything including the mouse. I was noticing also that I would be typing or browsing a window and all of a sudden that window I was in would no longer be highlighted/active, like I had clicked outside the window, but my hands were not on the touchpad. I started looking at the Task Manager and had about 43-45 processes running, with multiple examples of iexplore.exe open but only one window of Internet Explorer. I thought this was suspicious, so I googled it and did a little research of my own. I could close them, and usually 1 or 2 of them would open back up by themselves. I searched my files for iexplore.exe and found it in 3 places. One was suspect, in a Prefetch folder with the file name IEXPLORE.EXE-27122324.pf. Tried deleting this several times as I read it was a virus. Running Symantec, even in Safe Mode, nothing was found. The file would come back after deleting it.
What I ended up doing was downloading Malwarebytes. I tried running this and nothing would happen, so I researched that problem and found that by changing the file name I was able to run the program. I ran the program and it came up with one piece of malware, a Rootkit.TDSS file found in a system32 file. I restarted after "deleting" the problem and ran Malwarebytes again. It found another instance of this Rootkit.TDSS in a registry key instead of a file. At this point I looked up Rootkit.TDSS on Google and it didn't look good, so here I am. I have the 2 logs saved from Malwarebytes. Not sure where to go from here to get rid of this stuff and get back to normal computing.

I've uninstalled IE8 and tried deleting all instances of IE, but I'm not being allowed to delete everything. I've switched over to using Firefox. I continue to have the issue of whatever active window I'm using all of a sudden not being active, like I've clicked outside of that window, i.e. in the middle of typing I'll have to click back into the window to continue typing. Hope you guys can help. Thanks! I'm new to this, so if I left out important info I apologize.
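A small triage script for the symptom described in the post above (several iexplore.exe processes but a single browser window, re-spawning after being killed), added here as an editor's example and not part of the thread. It parses the CSV that `tasklist /v /fo csv` prints on Windows XP and later, lists the iexplore.exe processes that own no window, and decodes a Prefetch filename. The sample tasklist output, user name and PIDs are constructed for the example. One caveat a practitioner would add: a file named IEXPLORE.EXE-27122324.pf in %SystemRoot%\Prefetch is Windows' own Prefetch record that iexplore.exe has been launched, and Windows rewrites it on each launch, so its return after deletion is expected and says nothing by itself; the windowless browser processes are the detail worth chasing.

```python
"""Triage helper for the 'many iexplore.exe, one window' symptom.

Added example, not code from the thread. Parses `tasklist /v /fo csv`
output and decodes Windows Prefetch filenames. All sample data below is
constructed (fake PIDs, fake user name), not captured from a real machine.
"""
import csv
import io
import re

# Constructed sample of `tasklist /v /fo csv` output. The column set is the
# one tasklist prints on XP/Win7; the rows themselves are made up.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"explorer.exe","1484","Console","0","28,112 K","Running","LAPTOP\\casey","0:00:41","N/A"
"iexplore.exe","2012","Console","0","61,520 K","Running","LAPTOP\\casey","0:01:12","BleepingComputer - Windows Internet Explorer"
"iexplore.exe","2260","Console","0","12,004 K","Running","LAPTOP\\casey","0:00:03","N/A"
"iexplore.exe","2308","Console","0","11,876 K","Running","LAPTOP\\casey","0:00:02","N/A"
"firefox.exe","2700","Console","0","80,004 K","Running","LAPTOP\\casey","0:00:30","Mozilla Firefox"
'''


def parse_tasklist_csv(text):
    """Return one dict per process row, with PID converted to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["PID"] = int(row["PID"])
    return rows


def windowless_instances(rows, image_name="iexplore.exe"):
    """PIDs of `image_name` processes that report no window (tasklist prints N/A).

    A windowless browser process is not proof of infection on its own (IE8 also
    spawns helper processes), but several of them for one open window, coming
    back after being killed, is the pattern to investigate further.
    """
    return sorted(
        r["PID"] for r in rows
        if r["Image Name"].lower() == image_name.lower() and r["Window Title"] == "N/A"
    )


# Prefetch names look like NAME.EXE-XXXXXXXX.pf, where the 8 hex digits are a
# hash Windows derives from the executable's full path.
PREFETCH_RE = re.compile(r"^(?P<exe>.+?)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)


def parse_prefetch_name(filename):
    """Split a Prefetch filename into (executable name, path hash).

    Returns None when the name is not a Prefetch entry. The file is a record
    that the executable ran, written by Windows itself, not the executable.
    """
    m = PREFETCH_RE.match(filename)
    if not m:
        return None
    return m.group("exe").upper(), m.group("hash").upper()


if __name__ == "__main__":
    procs = parse_tasklist_csv(SAMPLE_TASKLIST)
    print("windowless iexplore.exe PIDs:", windowless_instances(procs))
    print("prefetch entry:", parse_prefetch_name("IEXPLORE.EXE-27122324.pf"))
```

On a live box you would feed the script real output (`tasklist /v /fo csv > procs.csv`) instead of the constructed sample, and then look at where each flagged PID's image actually lives before killing it.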


#2 LewofViriginia

LewofViriginia

  • Members
  • 12 posts

Posted 18 December 2009 - 12:14 AM

Casey,

My daughter's computer was infected with a browser hijacker (which sounds similar to your problem) plus other infections over the last 12 months (even with a FIOS security suite installed). Malwarebytes has been a tremendous help. It sounds as if in your case it was a 50% solution. I am not an expert, but in talking to others and doing some research, you need to run both Malwarebytes and a registry repair tool. There are some good freeware ones available; RegCure comes to mind. Also, if and when you get your system back to working order, I recommend downloading ERUNT and Crap Cleaner (great name, but it works). ERUNT is a utility that backs up your registry in the Windows folder. So, if you ever run into a registry problem that you cannot fix, you should be able to restore to a good point. Secondly, Crap Cleaner is a registry repair and general clean-up tool, which should also help your computer run fast. I suggest running each once per week, ERUNT first, then Crap Cleaner.

I hope this helps. I have learned the hard way and wish to help as many others as I can.

Lew

#3 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • Gender:Male
  • Location:Leicester, United kingdom

Posted 18 December 2009 - 05:57 AM

Hey Casey, definitely some sort of malware/spyware running there, and it's using iexplore.exe to work. First of all, download the Malwarebytes free version and install it, then perform a quick scan,
Microsoft Certified Desktop Support Technician

#4 LewofViriginia

LewofViriginia

  • Members
  • 12 posts

Posted 18 December 2009 - 08:32 AM

If you are unsure on how to get to Safe Mode with Networking, here are some simple instructions.

Start your computer; when it first starts, tap the F8 key until you reach a text window with boot options. Use the arrow keys to move the selection up or down and select Safe Mode with Networking. This will put you into Windows but with a limited set of drivers installed. Your Windows screen may look different than normal (e.g. different background and possibly screen size); that is OK. Open Malwarebytes, update to the latest version and then let it run. Once complete, restart your computer normally. If Malwarebytes does not fix the problem, repeat Safe Mode again, run Malwarebytes and then the registry repair software I alluded to in an earlier post.

Good Luck

#5 maalim

maalim

  • Members
  • 8 posts
  • Gender:Male
  • Location:istanbul

Posted 18 December 2009 - 11:13 PM


The best way to remove all kinds of viruses, Trojans, malware, spyware, worms, pop-up advertisements, browser hijackers, rootkits and rogue fake anti-virus programs from your computer is to restart your computer in Safe Mode with Networking:

1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.

4. Login. If the malware has changed your password, try logging in as
Administrator. By default, Administrator has no password.

5. The machine will continue booting, but the Windows desktop will look different.

Then, in Safe Mode with Networking, download and scan using Malwarebytes' Anti-Malware: http://www.download.com/Malwarebytes-Anti-...cdlPid=10997763
Download and scan using Super Anti-Spyware, press here: http://www.superantispyware.com/

Download and scan using Norman Malware Cleaner, press here: http://majorgeeks.com/downloadget.php?id=5...0e991265b3250e7

ATF Cleaner is a new, freeware temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

The main screen allows the user to either clean all temporary files or select files for cleaning. The program also knows if Firefox and/or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

ATF Cleaner provides the user with a window showing the total bytes freed upon completion. The program is small (36 KB), quick to run and requires no installation. To download ATF Cleaner, press this link: http://majorgeeks.com/ATF_Cleaner_d4949.html

6. When you're finished removing viruses, malware, Trojans, worms, rogue anti-virus, rootkits and spyware, log out and reboot back into normal mode.



