This is the pertinent section of the log which indicates a TDSS
/TDL3 rootkit infection
. The forged file was identified and will be cured after reboot.
2010/08/28 01:01:21.0192 Detected object count: 1
2010/08/28 01:01:40.0444 tdx (c995c84b8da7f7b92c948191d6a0e910) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/28 01:01:40.0444 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: c995c84b8da7f7b92c948191d6a0e910, Fake md5: 76b06eb8a01fc8624d699e7045303e54
2010/08/28 01:01:40.0802 Backup copy found, using it..
2010/08/28 01:01:40.0808 C:\Windows\system32\DRIVERS\tdx.sys - will be cured after reboot
2010/08/28 01:01:40.0808 Rootkit.Win32.TDSS.tdl3(tdx) - User select action: Cure
Please reboot if you have not done so already.
Try doing an online scan to see if it finds anything else (i.e. remanants) that the other scans may have missed.
Please perform a scan with Eset Online Anti-virus Scanner
- This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
- Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
- Click the green button.
- Read the End User License Agreement and check the box:
- Check .
- Click the button.
- Accept any security warnings from your browser.
- Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer.
- If offered the option to get information or buy software at any point, just close the window.
- The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
- When the scan completes, push
- Push , and save the file to your desktop as ESETScan.txt.
- Push the button, then Finish.
- Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt
file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click
, then type or copy and paste everything in the code box below into the Open dialogue box:
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
- Click Ok and the scan results will open in Notepad.
- Copy and paste the contents of log.txt in your next reply.