Backing up files with TDL3/TDL4 problem



#1 KPhoto

  • Members
  • 39 posts

Posted 19 May 2010 - 12:38 AM

Hi,
How do I know which files I can back up without infecting my external drive? I have been reading that Norton Internet Security and Malwarebytes can't detect this rootkit. So if I scan with these products and they say they are not infected, how can I trust them? I would like to back up my files in case I need to format my computer to get rid of the rootkit.
I will appreciate any help or suggestions on how to back up my files and not infect the external drive.
Thanks,
Karen


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 May 2010 - 08:36 AM

Should you decide to reformat or do a factory restore due to malware infection, you can back up all your important documents, personal data files, and photos to a CD or DVD drive, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them, as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here, so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices, but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
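
The file-selection rules from the post above, applied to file names, as an added example that is not part of the original thread. The `DATA_LOOKING` set and all function names are assumptions; zip archives are opened and judged by their members (the first paragraph's rule), while .rar and .cab are skipped outright because the Python standard library cannot inspect them.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions the post says not to back up (archives handled separately).
RISKY = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp", ".xml"}
ARCHIVES = {".zip", ".rar", ".cab"}
# Assumption: harmless-looking extensions used to spot a disguised name.
DATA_LOOKING = {".jpg", ".png", ".gif", ".pdf", ".doc", ".txt", ".psd"}

def classify(name, data=None):
    """Return (decision, reason); data is the file's bytes, used for .zip only."""
    suffixes = [s.lower() for s in PureWindowsPath(name.strip()).suffixes]
    if not suffixes:
        return ("review", "no extension")
    last = suffixes[-1]
    if last in RISKY:
        if len(suffixes) > 1 and suffixes[-2] in DATA_LOOKING:
            return ("skip", f"disguised double extension {suffixes[-2]}{last}")
        return ("skip", f"risky extension {last}")
    if last in ARCHIVES:
        if last == ".zip" and data is not None:
            return classify_zip(data)
        return ("skip", f"archive {last} not inspected")
    return ("copy", "data file")

def classify_zip(data):
    """Skip a zip if any member would itself be skipped (nested archives included)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                decision, reason = classify(member)
                if decision == "skip":
                    return ("skip", f"archive contains {member}: {reason}")
    except zipfile.BadZipFile:
        return ("skip", "unreadable zip")
    return ("copy", "zip with no risky members")

def make_zip(names):
    """Build a constructed in-memory zip (sample data for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    for n, d in {"holiday.jpg": None, "art.zip": make_zip(["a.png", "setup.exe"])}.items():
        print(n, "->", classify(n, d))
```

Applying the stricter list from the post's second paragraph means treating every `.zip` like `.rar` and `.cab`, which is what happens when no file bytes are passed in.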


#3 KPhoto


Posted 19 May 2010 - 08:12 PM

Hi Quietman7,

I want to thank you so much for your reply and helpful information.

It will take me a long time to back up my files on DVDs because I have over 2 million files on my computer. I have a home based business and have tons of graphics to back up. I think I will do it that way so I don't get the infection in the external drive if it is not there now. I guess I will scan that drive also, but what software should I use to scan it that will detect the rootkit? Norton Internet Security and Malwarebytes don't seem to detect it. Any suggestions?

Thanks Again,
Karen

#4 quietman7


Posted 20 May 2010 - 07:29 AM

You can try these instructions: How to remove the TDSS, TDL3 rootkit using TDSSKiller

I would also download and run Norman TDSS Cleaner.
  • Double-click on Norman_TDSS_Cleaner.exe to run the tool.
  • Read the agreement and click Accept.
  • When the program window opens, click Start scan.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.


#5 KPhoto


Posted 20 May 2010 - 08:45 AM

Hi Quietman7,

Extremeboy is working with me to remove the infection right now, and I'm so thankful for his help.

Should I run any of the programs on my 1 TB external drive before he is finished removing the infection or wait until he is finished? I don't keep my 1 TB external drive hooked up all the time, so it hasn't been scanned with the other programs that he has had me run and post reports on. I will post this information in the other post which Extremeboy is helping me with and see what he wants me to do. I just don't want to end up getting the infection all over again by possibly having the infection in that drive.

I really appreciate your help and advice.

Thanks,
Karen

#6 quietman7


Posted 20 May 2010 - 08:53 AM

I was not aware that you had posted a log here and were already receiving help from Extremeboy.

After posting a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean. Extremeboy is very capable of assisting you so please follow his advice and do not run the tools I noted above while he is in the process of helping you.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.