
Need help cleaning an infection



#1 mrsmh1


Posted 13 July 2010 - 11:13 PM

I have Windows XP Home.

I have no idea what all has infected my computer. I've run several different virus scans and get different results, but none have completely cleaned it.

The most annoying problem is browser redirection. I think it also corrupted registry/operating files since some functions aren't working properly. It disabled system restore.

I was going to run ComboFix, but apparently need assistance.

Thanks

Edited by mrsmh1, 13 July 2010 - 11:24 PM.




#2 Budapest


Posted 13 July 2010 - 11:30 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 mrsmh1


Posted 14 July 2010 - 12:06 AM

Thought that sounded familiar. I've already downloaded Kaspersky TDSSKiller under the direction of a Microsoft tech. A couple of programs they had me try wouldn't work. Don't remember if that one ran or not, but if it did, it didn't solve the problem. The link you posted has instructions to rename the exe file, and what I extracted was a txt file with the license agreement and just the application with no separate exe file to rename. Should I try to work with that again or move on to something else?

#4 mrsmh1


Posted 14 July 2010 - 12:43 AM

Well I went ahead and tried it again. I can't copy it here, but it said:
"C:\WINOWS\system32\Drivers\pciide.sys" infected by TDSS rootkit...will be cured on next reboot
File objects infected/cured/cured on reboot 1/0/1

It doesn't mention deleting anything per the instructions on your link.

If I remember right, I got the same result previously, and it was still there after reboot. I'm going to do that now and run it again and see what happens. I'll let you know.

#5 mrsmh1


Posted 14 July 2010 - 11:28 AM

Even though I've tried TDSSKiller and Malwarebytes (many times), somehow renaming the file and then scanning back to back seemed to do the trick with the redirection problem. Thank you!

Any recommendations to repair registry damage?

#6 Budapest


Posted 14 July 2010 - 04:24 PM

Any recommendations to repair registry damage?

Not anything general. What problems are you still having?



