Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unable to completely remove TDSS virus

  • Please log in to reply
1 reply to this topic

#1 ipab


  • Members
  • 1 posts
  • Local time:07:31 PM

Posted 14 July 2010 - 11:52 PM


My Window XP desktop with McAfee AV was infected with a variant of the google redirect virus. Our search results on Google and Yahoo
were getting redirected.

Until I recognized it as the google redirect virus, I could not load any new Spyware. Once I identified this as a possible cause, search results directed
to a file called wdmaud in C:\Windows\System32. Renaming this file allowed me to temporarily access the net.

I downloaded a variety of options including BulletProofSoft, Spybot/Teatimer, McAfee rootkit, GMER and Malwarebytes. These worked temporarily when I
renamed wdmaud, but the redirects kept reoccurring. The redirections seemed to stop completely when I used TDSSKiller from Kaspersky.

However, while the redirection stopped, some process is continuing to create the wdmaud file on every restart. Also, after an initial start, I am not
to run SpyBot on my system. When started, Spybot initializes but stalls immediately after. Malwarebytes runs but does not find any issues. Neither does
McAfee find any issues.

Unfortunately, since I was given ComboFix through an alternate path, I hadn't read the instructions in this forum to not use it unless requested. I ran
ComboFix on the system twice. The first run produced a Blue Screen and the second a log (appended to this message).

I believe the desktop is still infected since the fake file keeps reappearing. I would appreciate any advice on how I can identify the process that's
creating the fake wdmaud file. The system has also become noticeably faster after all of these scrubs!

Thank you

Edited by Orange Blossom, 15 July 2010 - 10:35 PM.
Move to AII ~ OB

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,112 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:31 PM

Posted 15 July 2010 - 10:36 PM


Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users