TDSSKiller Killed My Computer


63 replies to this topic

#1 SuperBusa

  • Members
  • 47 posts

Posted 05 January 2010 - 08:55 PM

Hi All ... I found this site trying to search for a solution to a major problem that has occurred from using TDSSKiller.exe while trying to clean my computer of malware, etc. I can tell there are some very sharp members here that might be able to help me out on this major fiasco. Hope I posted this in the right Forum - saw other talk of using TDSSKiller in this Forum.

Anyway, when I ran TDSSKiller the following happened ... here are the details:

I downloaded and ran TDSSKiller.exe based on what I read in the links below.

Info on TDSSKiller.exe
http://www.myantispyware.com/2009/12/22/ho...e-rootkit-tdss/
http://support.kaspersky.com/viruses/solutions?qid=208280684

So I ran TDSSKiller.exe and it gave the following message:
"Driver atapi Irp handler infected by TDSS rootkit ... cured"

The same message can be seen on the 2nd line in the Kernel Memory Scan in the TDSSKiller screen below. My messages in the TDSSKiller screen had no lines below the one I showed above, but just the flat cursor symbol at the end & bottom of the text string.

Posted Image

My machine was totally locked up at this point. NOTHING responded except the mouse. I could not close anything ... I couldn't even get Task Manager to open up.

Did a hard boot and the computer seemed to have recovered. Re-ran TDSSKiller.exe because I thought maybe it didn't run to completion based on the lack of message text (compared to the photo above). Again, the same message was given by TDSSKiller and the computer was locked up tight again. Did another hard reboot and this time the screen comes up black with the following message in white text:

A disk read error occurred
Press Ctrl+Alt+Del to restart


So I tried a Ctrl+Alt+Del and it tries to restart, but comes right back to the black screen with the disk read error message above. Tried an F8 on reboot (Safe Mode) ... same disk read error message above.

I'm dead in the water ... ANY IDEAS on how to recover from this one?

I probably have a Windows Recover disk somewhere ... is that something that might fix this?

Thanks for any help on this !!

Edited by SuperBusa, 06 January 2010 - 06:49 PM.




#2 SuperBusa


Posted 05 January 2010 - 10:14 PM

^^ Bump ^^

Anyone have any ideas how I can recover from this without flattening my HD and rebuilding it?

Edited by SuperBusa, 05 January 2010 - 10:14 PM.


#3 SuperBusa


Posted 06 January 2010 - 03:37 PM

^ Bump ^

Anyone ???

I can't believe nobody is interested in knowing that TDSSKiller messed up my computer and I can't even boot it up and would like to know if this is recoverable. Please help if you have any ideas.

#4 AnthonyC

  • Members
  • 13 posts

Posted 06 January 2010 - 04:14 PM

Do you realise how many people are here looking for help too? You have to wait a couple of days for a member of this site to have the opportunity to help you.

Trying to get your topic to remain at the top of the list by posting on it probably won't help you either. I'm sure they specifically say not to do that in their guidelines. I probably shouldn't reply to this either but I thought I'd let you know the situation.

I'm sure you'll get the problem sorted out soon. Don't worry about it.

#5 SuperBusa


Posted 06 January 2010 - 06:41 PM

Thanks for the info ... but it went to page 3 in a day with no replies, so apparently there are many people looking and posting on the board. Maybe it's a problem nobody has any advice to give?

At least it might be valuable information for someone else who is maybe thinking of using TDSSKiller ... as there is an obvious risk in doing so. It totally messed up my computer as described above, and I'm totally dead in the water as a result of trying to use TDSSKiller to clean my computer of malware, etc. It killed everything but what it was designed to kill. :thumbsup:

Edited by SuperBusa, 06 January 2010 - 06:49 PM.


#6 Guest_The weatherman_*

  • Guests

Posted 06 January 2010 - 07:06 PM

Think about it...!

A helper may be looking through the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 5 replies. A member looking to help you may assume another member is already assisting you and not read your thread.

Don't worry about this additional post, I just don't want your thread to be lost.

(Don't reply to this please.)

#7 AustrAlien

    Inquisitor

  • Members
  • 6,772 posts
  • Gender: Male
  • Location: Cowra NSW Australia

Posted 07 January 2010 - 05:47 AM

SuperBusa
Rest assured that your post has not gone un-noticed.

> A disk read error occurred Press Ctrl+Alt+Del to restart
This is not necessarily related to the use of TDSSKiller: Let's start with checking your HDD, and then check your disk file system.

Please start by doing the following ....

1. Disconnect or remove any other hard drive that may be connected to this system: This includes internal secondary/slave hard drives, external USB (or other hard drives), USB flash drives etc. Remove any other drive media ... floppy, CD/DVD, card etc.

Does your system boot now?


2. Check that your hard drive is not failing.
  • Find the brand name of your hard drive. You will find this info on the label of the hard drive (most likely you will have to remove the hard drive from the box to read the label). You will also find sufficient info to identify the drive (the model number) by looking in the BIOS Setup Menu (then google the model number to determine the brand).
  • Download the diagnostic utility from the hard drive manufacturer's website to create a bootable floppy or CD. Boot with it, and run the short/quick test and then the long/extended test, and check the S.M.A.R.T. status.
    Hard Drive Diagnostics Tools and Utilities
    http://www.tacktech.com/display.cfm?ttid=287
  • If you have trouble identifying your hard drive manufacturer, use the Hitachi diagnostic utility: It will work with most hard drives.
Please post the result.


3. If your hard drive test result is "PASS", with no errors whatsoever ....
Start the Recovery Console using a Windows XP CD (or an XP Recovery Console .ISO image that has been burned to CD).
  • Insert the CD in the computer's optical disk drive tray.
  • Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If the system does not appear to be booting from the CD, you may need to enter the BIOS Setup Menu and change the boot order, so that the CD-ROM/optical disk drive is set to boot before the hard disk drive.)
  • When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.
  • The Recovery Console will ask which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would type the number associated with the installation you would like to work on and press the <ENTER> key. If you have just one Windows installation, type 1 and press <ENTER>.
  • You will be prompted for the Administrator's password. If there is no password, (and this is most likely), simply press <ENTER>.
  • You will be presented with a C:\Windows> prompt. (Please advise if you are not seeing a C:\WINDOWS> prompt.)
At the C:\Windows> prompt, type chkdsk /p and press <ENTER> (Note: There is a space between "chkdsk" and "/p")
  • This test will take some time to run and at times may appear stalled but just let it run.
  • If any errors are found/repairs made, run chkdsk /p again, and repeat if necessary.
Type "exit" at the prompt and press <ENTER> to close the Recovery Console and restart your system.

Does Windows start normally now?

Edited by AustrAlien, 07 January 2010 - 03:44 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#8 SuperBusa


Posted 07 January 2010 - 05:28 PM

AustrAlien - thank you very much for the help! :thumbsup: I can see you are a power house on this board.

I found it very strange that my computer totally locked up when using TDSSKiller ... twice. And then this boot up error occurred. Guess it could be a HD failure coincidence, but my gut feeling is some boot up files got corrupted somehow. Guess your testing suggestions will tell that.

I will follow your suggestions and report back.

Edited by SuperBusa, 07 January 2010 - 05:30 PM.


#9 AustrAlien


Posted 07 January 2010 - 09:11 PM

> my gut feeling is some boot up files got corrupted somehow.

I think you are pretty close to the mark: Not Windows boot files as such perhaps, but maybe corruption of the disk NTFS file system, after the untimely shut downs (crashes). If that is the case, chkdsk /p should fix the problem and Windows will start for you. Who knows? Time will tell.

Just "should" check the HDD first, to play it safe: It is always a possibility.

Good luck.

Edited by AustrAlien, 07 January 2010 - 09:22 PM.


#10 SuperBusa


Posted 08 January 2010 - 12:34 AM

> SuperBusa
> Rest assured that your post has not gone un-noticed.
>
> A disk read error occurred Press Ctrl+Alt+Del to restart
> This is not necessarily related to the use of TDSSKiller: Let's start with checking your HDD, and then check your disk file system.
>
> Please start by doing the following ....
>
> 1. Disconnect or remove any other hard drive that may be connected to this system: This includes internal secondary/slave hard drives, external USB (or other hard drives), USB flash drives etc. Remove any other drive media ... floppy, CD/DVD, card etc.
>
> Does your system boot now?


AustrAlien - I performed step 1 as you requested ... the results were the same:
Black screen with the same disk read error message.

All peripherals were disconnected. I usually have an external HD plugged into the USB, but it remains off unless backing up. I unplugged it anyway. No CD, or USB sticks installed. Also kept the modem off. There is only one HD inside the computer .... a Seagate Barracuda 7200.7, model ST3200822A (200 GB).

What's strange is that when I ran TDSSKiller it locked up twice while running and totally locked up the computer requiring a hard reboot, and then my machine totally died the second time I ran TDSSKiller and had to do another hard reboot. I just find it odd that this would be a HD mechanical issue unless it was just pure freaky coincidence the HD failed while running TDSSKiller. I do agree that files could have gotten corrupted from the hard reboots ... but doesn't the system protect itself somehow knowing a hard reboot is taking place?

Forgot to add something. I read on this site the other day but can't find the thread now, and don't recall which member said the following. It was recommended that when running TDSSKiller that you put the .exe file on your desktop before running it. I did not do this, but ran it from a folder I had put it in after unzipping it from the .zip file that it came in when downloaded. Would this have caused TDSSKiller to lock up my computer while running it?

Edited by SuperBusa, 08 January 2010 - 01:04 AM.


#11 AustrAlien


Posted 08 January 2010 - 02:05 AM

> but doesn't the system protect itself somehow knowing a hard reboot is taking place?

If the system crashes, I don't think Windows knows anything about it. I think it would be like getting slammed in the head from behind: You wake up with the injuries and know nothing of the event.

Anytime Windows has an untimely shutdown, there is the risk of disk file corruption. After any such event it is always a wise move to run chkdsk /f (from the Recovery Console that is chkdsk /p) or chkdsk /r to check for such a possibility and to repair it.

> Ensure that TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. <<< Important!

That comes from my instructions.

You wrote: "I did not do this, but ran it from a folder"
That is an interesting possibility: I will make a point of investigating the location from which the file is run in cases where there is a similar issue.

#12 SuperBusa


Posted 08 January 2010 - 09:48 AM

> > Ensure that TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. <<< Important!
>
> That comes from my instructions.
>
> You wrote: "I did not do this, but ran it from a folder"
> That is an interesting possibility: I will make a point of investigating the location from which the file is run in cases where there is a similar issue.


What's bad is that the instructions for downloading and running TDSSKiller from the Kaspersky website say nothing about running the .exe from the desktop or any other kind of special instructions.

http://support.kaspersky.com/viruses/solutions?qid=208280684

All Kaspersky's website says is:

Disinfection of an infected system

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

Edited by SuperBusa, 08 January 2010 - 09:51 AM.


#13 AustrAlien


Posted 09 January 2010 - 01:32 AM

What's happening your end? Are you proceeding with steps 2 and 3?

#14 SuperBusa


Posted 09 January 2010 - 03:36 AM

> What's happening your end? Are you proceeding with steps 2 and 3?


Thanks for checking back in AustrAlien. I have been busy the last couple days, but I am about ready to move to step 2.

So just to make sure I'm on the right track, my plan is to:

1) Create an ISO CD-ROM Image of "SeaTools for DOS" from here [ http://www.seagate.com/www/en-us/support/d...ols/seatooldreg ] and burn the CD-ROM per [ http://seagate.custkb.com/seagate/crm/self...&NewLang=en ]. I have access to a laptop with EasyCD Creator to do this work.

Note - I take it that I can not use the "SeaTools for Windows" at this point since Windows will not boot up (?).

2) Boot up from the ISO CD-ROM burned in step 1) above, and run all the "SeaTools for DOS" diagnostics on the HD.

Correct?

Edited by SuperBusa, 09 January 2010 - 03:39 AM.


#15 AustrAlien


Posted 09 January 2010 - 04:05 AM

1. SeaTools for DOS is what you need, yes. Those steps are all correct. (SeaTools for Windows is for installation from within Windows).

2. This is from memory only ...
  • When you boot SeaTools for DOS you will have options/menu along the top. In one of the menus you will see short/quick test and long/extended test among others. Run the short ... then the long ...
  • You will also see S.M.A.R.T. status, I am pretty sure.
Basically you will see results as either PASS or FAIL.