Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Thought I got rid of TDL3, but I guess I haven't??


  • This topic is locked This topic is locked
3 replies to this topic

#1 LilJohnAY

LilJohnAY

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 26 September 2010 - 02:49 PM

I got the TDL3 rootkit virus on the 14th of this month, and was terrified beyond belief. I'll give a history of events as far as I can remember....

-Got the virus
-Got notices about the fake "Security Center 2010" telling me I had an infected computer and all
-Couldn't open any programs
-Rebooted my computer to try and run some programs right when I started it, but couldn't
-Not being the most knowledgeable about this kind of stuff, I used the mobile internet on my phone to look up what to do, and was brought to some threads here
-The second I logged back on my computer, I CTRL+ALT+DEL'd to try and stop the malware programs, which worked
-I ran scans with AVG Free, MBAM, and Hitman Pro.
-AVG and MBAM both eventually found some files, and successfully deleted them. The "Security Center 2010" program no long comes up.
-Hitman Pro found some as well, and those were deleted. But, the program said I had traces of the TDL3 Rootkit virus, which it could not delete
-I found out from here to get TDSSKiller, which found some things and successfully deleted them, as well.
- (If I remember correctly >_< ) After that, Hitman Pro no longer said about the traces of the TDL3 rootkit virus
-The whole time, whenever I tried to search in the Google search bar in Firefox, I would be redirected to a site "http://search.search-tab.com/index.php?cx=!partner-pub-8451664467457009%3Ajglzz2os78e&cof=FORID%3A10&ie=utf-8&q=google&siteurl=search.search-tab.com%2F%3Fs%3Dgoogle%26sid%3D10101057100" (that was after searching "google" in the toolbar)
-Nothing I have done has gotten rid of this, as the problem still persists
-After reading about this rootkit virus, and how it hides itself as another drive and in system files and all, I'm afraid that I am still infected, and none of the programs can detect it.
-I looked elsewhere online for others with those problem, one person said to go to the "hosts" file, open in with Wordpad/Notepad, and delete everything besides "127.0.0.1 localhost", which I did, and saved the file. After reopening it, I saw that the rest came back. :/ Granted, before them it had said "# Start of entries inserted by Spybot - Search & Destroy", so maybe I shouldn't worry about this??
-And here I am, now. Worried I still have some kind of infection deep down. :'[

I'm sorry about my lack of knowledge for these things, and my faulty memory. :/

Any help would be highly, highly appreciated, though. Thanks in advance, guys.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:02 AM

Posted 26 September 2010 - 09:00 PM

Hello, in this situation you have a protected malware that needs professional removal.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 September 2010 - 08:35 PM

Okay. Thank you for the response, boopme. I did as requested and made the thread here. Oh, and the GMER scan took hours to complete. Upon completion, when I clicked "Save" to save the log, the program froze up on me. This happens every time I've scanned with it. :thumbsup: Although, all the results of the scan came up in the first few minutes. Even in all the hours after that, there was nothing additional to report.

Thanks again.

Edited by LilJohnAY, 27 September 2010 - 08:36 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:02 AM

Posted 27 September 2010 - 11:47 PM

That OK, Your topic is good there. It will be a day or two yet, We are jammed,but you will be answered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users