Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with TDSS.d Rootkit - Clean-up problems

  • Please log in to reply
1 reply to this topic

#1 ArizonaGuy


  • Members
  • 1 posts
  • Local time:06:11 AM

Posted 09 May 2010 - 11:15 PM

Before coming to forums for help, I've been giving this is a shot on my own.

I have a Win7 32bit box and Kaspersky finds this rootkit. It requires a reboot to clean but it never does it.

I used TDSSKiller - it finds atapi.sys infected and the same thing happens after rebooting - the problem still exists.

I have used Combofix. This fails with similar results if I launch it from CMD. However, it proceeded to completion, rebooting a couple times, going through all stages and generating a log file after I executed it via PowerShell.

After all that, Kaspersky and TDSSKiller still tell me I'm infected. Good ol' ATAPI.SYS still infected. I'm debating putting much more effort into this versus rebuilding from scratch with a complete drive wipe. (Would mean I'd finally switch to 64 bit that I've been putting off for 6 months or more!).

What say the experts?

Edited by Orange Blossom, 10 May 2010 - 06:07 PM.
Move to AII as no logs posted. ~ OB

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:11 AM

Posted 13 May 2010 - 11:47 PM


Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses the use of ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users