
Rootkit.Win32.TDSS.d infection bandwagon


2 replies to this topic

#1 noblerinthemind

  • Members
  • 2 posts

Posted 12 April 2010 - 03:54 PM

For all the time I've had a computer, through reading up on sites like this, I've always been able to clear out any viruses on my own, at least from what I can tell, mainly because I've been stubborn, not because I have any computer mastery. I'm at my wits' end on this one and am admitting defeat.

As far as I know it started with the XP security center virus, which I've gotten a number of times. I think that I've successfully removed it each time.

Anyhoo, then I got the search engine redirect virus/rootkit.

I've used Malwarebytes, AVG, MS Security Essentials, HijackThis, Spybot Search & Destroy, SUPERAntiSpyware, Hitman Pro 3.5. They've all come up with nothing even though I still have had the redirect happen. More recently I used TDSSKiller.exe with GMER, esage rootkit.exe, combofix.exe, and signed up for a 30 day trial of Kaspersky. All these seem to catch the fact that I have the rootkit, specifically Rootkit.Win32.TDSS.d according to Kaspersky, but are unable to remove it. Also, according to TDSSKiller and GMER the problem is atapi.sys.

I used a goored cleaner which seemed to work for a minute or two, but eventually the redirect happens again.

I have manually deleted all copies of atapi.sys other than the one in windows\system32\drivers and expanded and copied the original from my XP disc, but it seems that the rootkit virus either re-infects it or is hiding somewhere else because the redirect seems to come back.

I have Windows XP on a Dell 9100. (Dual boot Ubuntu also, which I'm beginning to prefer after this episode.) I've seen a lot of this rootkit on these boards lately, but thought I might as well jump on the bandwagon.

I can post logs (combofix etc), as asked.

All help greatly appreciated,

Thanks!
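The post above describes replacing atapi.sys from the XP disc and still seeing the redirect come back, with the tools it ran reporting atapi.sys as the problem. The script below is an added example, not part of the original post or of any of the tools named in it. It assumes the reader boots the Ubuntu side of the dual-boot mentioned in the post, mounts the XP volume read-only (path `/mnt/xp` is an assumption), and keeps a reference copy of atapi.sys expanded from the XP CD's driver cabinet; reading the file from outside Windows means a kernel rootkit running inside Windows cannot filter what is read. It then applies two checks: a SHA-256 comparison against the reference copy, and a generic PE sanity heuristic (also an assumption, not a TDSS signature) that a driver's entry point should lie inside a section flagged executable rather than in a data section such as `.rsrc`. The sample PE images inside the block are constructed in memory for demonstration and are not real drivers.

```python
"""Offline checks for a suspected Windows driver image (atapi.sys in this thread).

Added example, not from the original post. Assumptions:
  * the suspect file is read from the XP volume mounted read-only under Ubuntu,
    so nothing running inside Windows can filter the read;
  * the reference copy is the one expanded from the XP CD's driver.cab;
  * heuristic: a legitimate driver's AddressOfEntryPoint lies inside a section
    flagged IMAGE_SCN_MEM_EXECUTE. An entry point in a data section is a
    generic in-place-infection indicator, not a TDSS-specific signature.
"""
import hashlib
import struct
import sys

IMAGE_SCN_MEM_EXECUTE = 0x20000000


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_pe(data):
    """Return (entry_rva, [(name, virtual_addr, virtual_size, characteristics), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                     # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    table = opt + opt_size                              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, vaddr, vsize, chars))
    return entry_rva, sections


def check_driver(data, reference_sha256=None):
    """Return a list of findings; an empty list means neither check fired."""
    findings = []
    entry_rva, sections = parse_pe(data)
    home = [s for s in sections if s[1] <= entry_rva < s[1] + s[2]]
    if not home:
        findings.append("entry point 0x%x is outside every section" % entry_rva)
    elif not home[0][3] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry point 0x%x lies in non-executable section %s"
                        % (entry_rva, home[0][0]))
    if reference_sha256 is not None and sha256_hex(data) != reference_sha256:
        findings.append("SHA-256 differs from the reference copy")
    return findings


def build_sample_pe(entry_rva, sections):
    """Constructed minimal PE32 image used as demo input; not a real driver."""
    opt_size = 224                                      # PE32 optional header size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)          # AddressOfEntryPoint
    table = b"".join(
        name.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, vaddr, vsize, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed layouts: a code section and a resource section, as in a typical driver.
CLEAN_LAYOUT = [(b".text", 0x1000, 0x3000, 0x60000020),   # code, executable, readable
                (b".rsrc", 0x5000, 0x1000, 0x40000040)]   # initialized data, readable
CLEAN_IMAGE = build_sample_pe(0x1100, CLEAN_LAYOUT)       # entry in .text
PATCHED_IMAGE = build_sample_pe(0x5200, CLEAN_LAYOUT)     # entry redirected into .rsrc

if __name__ == "__main__":
    # e.g. python check_driver.py /mnt/xp/WINDOWS/system32/drivers/atapi.sys /tmp/atapi_from_cd.sys
    suspect = open(sys.argv[1], "rb").read()
    ref_hash = sha256_hex(open(sys.argv[2], "rb").read()) if len(sys.argv) > 2 else None
    for line in check_driver(suspect, ref_hash) or ["no findings"]:
        print(line)
```

A hash mismatch only says the two copies differ, not which one is clean: an atapi.sys updated by a service pack will legitimately differ from the copy on the original XP CD, so the reference should come from media matching the installed service-pack level. The entry-point heuristic is independent of any reference copy and is the check to look at when no trustworthy reference is available.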


#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 12 April 2010 - 05:03 PM

See this:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 noblerinthemind

  • Topic Starter
  • Members
  • 2 posts

Posted 12 April 2010 - 05:11 PM

Thanks. I'll do that later on tonight when I get a chance. Sorry to clog this forum category.
