My brother has a Lenovo T61, Windows Vista, that seems to have become infected with the TDSS rootkit. The first symptom was the internet and such being redirected; he actually lost internet connection capabilities. I was able to get it back in safe mode and download Malwarebytes, which is how I found the TDSS infection that it cannot seem to remove.
I was able to find a TDSS remover from Kaspersky, but it seems to error out. I figured I would just walk through the steps on here instead of trying various removers. However, now his internet connection is gone. I would like to download the files necessary to generate the logs required in the initial post, but want to know how I can safely transfer the files to his computer and then the logs to mine to post on the internet. I just assumed that the infection would be able to infect my computer through a flash drive or external if I tried that method, correct? If I disable autorun on the drives for the USB/External, will that be enough to protect me? I have an Inspiron 1525, Windows XP as well.
I realize this is not a Kaspersky forum, so I don't expect help just for the Kaspersky error, but I'll post it for reference anyway (and below is the last Malwarebytes scan):
TDSS rootkit removing tool, Kaspersky Lab 2009
version 2.1.1 Dec 20 2009 02:40:02
UnhookRegistry: Cannot get access to KLMD, error 2
Scanning Kernel memory...
Infected objects in memory: 0
Cured object in memory: 0
Infected objects on disk: 0
Objects on disk cured on reboot: 0
Objects on disk deleted on reboot: 0
Registry nodes deleted on reboot: 0
From Malwarebytes, his last scan showed:
Registry Keys Infected: 1
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully
C:\Documents and Settings\mare0094\Local Settings\Temporary Internet Files\Content.IE5\82UQKCLB\<long alphanumeric string> (Trojan.Vundo) -> Quarantined and deleted successfully
The Trojan.Vundo seems to come back every now and then, I'm assuming when I connect to the internet, and the rootkit, although it says it's cleared out, is there every single scan.
I appreciate your time and assistance in helping me clean his computer.
Edited by macman104, 13 January 2010 - 01:23 AM.