Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help me get rid of rootkit.win.32.tdss.d.


  • Please log in to reply
2 replies to this topic

#1 maced

maced

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 12 April 2010 - 06:05 AM

Hi i am running windows xp sp3 and have kaspersky internet security 2010.
When i perform a full system scan Kaspersky 2010 says my system memory is infected with Rootkit.WIN.TDSS.d.
However it is unable to delete or disinfect it.

I posted a topic in the kaspersky forum 5 days ago and they have been unable to help. Their entire forum is full of users who have been infected with the same malware.

Now my problem has got worse as well as my system memory being infected with Rootkit.WIN.TDSS.d.
I can now not access the Windows update webpage. Some time when i click on a link my browser gets redirected to phising sites.

Kaspersky now regularly shuts down my browser saying:
07/04/2010 12:44:16 Detected: Trojan-Downloader.JS.Agent.fce [malicious URL] Generic Host Process for Win32 Services
07/04/2010 12:44:55 Detected: Exploit.JS.Pdfka.bul [malicious URL] Generic Host Process for Win32 Services
07/04/2010 12:57:46 Denied:[malicious URL] (analysis according to the base of phishing web addresses) [malicious URL] URL found in the base Firefox

I also have a svchost.exe trojan that keeps reappearing in oddly named folders after Kaspersky deletes it. For example:
c:\windows\temp\mseh.tmp\svchost.exe.

This is my hijack this log
Attached File  hijackthis.log   7.07KB   0 downloads

My Attach log
Attached File  Attach.txt   14.68KB   1 downloads

My GMER Log
Attached File  gmer.log   25.81KB   2 downloads

my combo fix log
Attached File  cmbflog.txt   20.19KB   6 downloads


Thanks

Edited by maced, 12 April 2010 - 06:51 AM.


BC AdBot (Login to Remove)

 


#2 maced

maced
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 12 April 2010 - 12:39 PM

it is constantly crashing now and i have a few deadlines in the coming weeks. Can anybody help?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 12 April 2010 - 07:39 PM.


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 AM

Posted 16 April 2010 - 10:28 AM

Hello maced,



Sorry about the delay.sad.gif If you still need help, please let me know.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users