Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible variant of the TDL3 (alias Alureon) rootkit detected

  • This topic is locked This topic is locked
2 replies to this topic

#1 steveyeaman


  • Members
  • 2 posts
  • Local time:03:32 AM

Posted 11 November 2010 - 10:42 AM

Firstly thank you for taking your time to read my topic. I am not the most technically minded person however my hours of google searching for a fix to my problem has led me to this website.

Recently my Google Chrome browser stopped opening any webpages (not even the recent history page), this led me to unistall and go back to using Firefox. However my firefox constantly crashes and also searching in google leads me to random incorrect webpages such as 'Gomeo'
After searching for measures to fix this I installed Hitman Pro 3.5 and did a scan I removed everything it detected, however at the top it says; 'Possible variant of the TDL3 (alias Alureon) rootkit'

Now after researching I noticed a lot of people are advised to use Combofix, but I read the instruction not to do so unless advised by a technician.

So there you have it (sorry if that is not enough detail let me know)

Many Thanks


BC AdBot (Login to Remove)


#2 steveyeaman

  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:32 AM

Posted 11 November 2010 - 11:14 AM

My friend has done some tests and I believe this has actually solved the problem. By this I mean I no longer ger the 'Possible variant of the TDL3 rootkit detected'
Below is a summary of the actions carried out;

Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

* Ensure all Firefox windows are closed.
* To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
* When prompted to run the scan, click Yes.
* It doesn't take long to run, once it is finished move onto the next step


Download TDSSKiller and save it to your Desktop.

* Make sure all other windows are closed and to let it run uninterrupted.
* Extract the file and run it.
* Reboot your machine and see if the infection is gone

#3 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:01:32 PM

Posted 11 November 2010 - 04:37 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users