Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSS Killer made my computer go kaput


  • Please log in to reply
8 replies to this topic

#1 blimper

blimper

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 11 November 2010 - 06:21 PM

Hi,

Last week I noticed a repeated notification from Symantec Endpoint Protection saying "Tidserv Request Detected". I searched the problem on the internet and was directed to download TDSS Killer from Kaspersky Antivirus Lab. When I ran TDSS Killer as directed, ensuring the box marked "cure" was ticked, the computer told me it needed to reboot to complete the process. The computer did indeed restart, but Windows failed to boot, flashing up a brief bluescreen for too short a time to read it. I used F8 to get to the setup menu and disabled the automatic restart on crah to see what the blue screen read and it was as follows:

_____________________

A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screeen,
restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed
hard drives or hard drive controlers. Check your hard drive
to make sure it is properly configured and terminated.
Run CHKDSK /F to check for hard drive corruption, and then
restart your computer.

Technical information:

*** STOP: 0x0000007B (0xFFFFF880009A9928,0xFFFFFFFFC000000D,0X0000000000000000,0x0000000000000000)

_____________________________________


I have tried all system repair and system restore options to no avail.....nothing works. Am desperate at this stage as I fear my computer may be irreperable damaged.

Please help.

Thanks

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:31 PM

Posted 12 November 2010 - 12:12 AM

Hi, and :welcome:

Chances are the Master Boot Record (MBR) is corrupted. You will need a USB (flash) drive and a CD to burn.

Download GETxPUD.exe to the desktop of your working computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when complete will open BurnCDCC ready to burn the image.
  • Click on Start and the cd tray will eject.
  • Insert a blank cd and click OK - the drive will close, burn the cd and eject when complete.
Now
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & CD and insert it in the ailing computer
  • Boot the ailing computer with the CD you just burned
  • A Welcome to xPUD screen will appear
  • Click the File
  • Expand mnt icon on the left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press Enter

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • That should create a file in your USB labeled MBR.bin. After completing the instructions below, zip that file and attach it to your next reply.
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If your not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Select [Analyse] and press Enter, then press Enter again to run a [Quick Search]
  • When complete, press Enter to continue, then select [Deeper Scan] and press Enter.
  • When the deeper search completes, press Q repeatedly until TestDisk closes.
  • Close the Terminal Window
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive, at this point you should also zip the MBR.bin file and attach the zipped file to the reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 blimper

blimper
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 12 November 2010 - 09:15 AM

Thanks will give that a shot and come back to you

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:31 PM

Posted 12 November 2010 - 10:54 AM

:thumbup2:

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 blimper

blimper
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 12 November 2010 - 11:19 AM

So I made the cd and downloaded the tool to a USB key. I connected the USB and inserted the CD and booted up the computer. I first got a welcome screen with xPUD on the left and a list of languages on the right. I was unable to navigate the list of languags with either keyboard or mouse, and after a few secons it automatically went to the screen attached (had to use a photo as had no other way of recording what it said).

Is this a problem with the downloaded tool?

ThanksAttached File  photo.JPG   355.42KB   6 downloads

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:31 PM

Posted 12 November 2010 - 12:57 PM

Moved this topic to Virus, Trojan, Spyware, and Malware Removal Logs from Windows 7... where it will stay.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:31 PM

Posted 12 November 2010 - 03:10 PM

That seem to be due to an incompatible display driver.

Newer computers can boot to USB drives. Lets attempt to create a bootable USB drive and add some drivers.

You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer.
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer

Now
  • Download the extra drivers opt package and copy it to the opt folder on the usb device.

    http://mesrss.free.fr/xpud/opt/

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • In some computer you can select where to boot from, some are; Press F12 and choose to boot from the USB, others is the Esc key. Consult your computer's documentation.
  • A Welcome to xPUD screen will appear
  • Click the File
  • Expand mnt icon on the left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press Enter

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • That should create a file in your USB labeled MBR.bin. After completing the instructions below, zip that file and attach it to your next reply.
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If your not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Select [Analyse] and press Enter, then press Enter again to run a [Quick Search]
  • When complete, press Enter to continue, then select [Deeper Scan] and press Enter.
  • When the deeper search completes, press Q repeatedly until TestDisk closes.
  • Close the Terminal Window
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive, at this point you should also zip the MBR.bin file and attach the zipped file to the reply.

In case this wont work, is there a chance to obtain a Windows XP Installation CD?

Do you have a Windows 7 Installation CD

Edited by JSntgRvr, 12 November 2010 - 03:11 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 blimper

blimper
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 12 November 2010 - 05:47 PM

My God this is starting to feel like the Twilight Zone.....NOTHING works!! It's like the computer is determined to thwart all avenues.

So I followed you instructions for the USB boot, but when I get to the startup screen and press ESC for the Boot Menu, "loading boot menu" comes up and nothing happens....until I disconnect the USB, at which point it hops straight into the Boot Menu, but without the option for booting from the USB device. I tried F12 also but it just brought up "booting from LAN" which also did nothing.

I'm guessing the only possible remedy now is the Windows 7 Disc? Will that definitely work?

Thanks again

#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:31 PM

Posted 12 November 2010 - 07:19 PM

I would have wanted to backup the MBR, but since there is no other way to access the drive, we will need to recreate the Master boot record. There is always a chance that you may lose your data in the process, but I see no other choice.

Start the computer with the Windows 7 Installation disk and boot to the Repair Console. At the repair console select Command Prompt. At the prompt type the following and press Enter:

bootrec /FixMbr

Once completed type Exit and press Enter, then restart the computer. If that does not resolve the issue, boot once again to the Repair Console's Command prompt. At the prompt type the following and press Enter:

bootrec /Fixboot

Test once again. If that does not resolve the issue, boot once again to the Repair Console's Command prompt. At the prompt type the following and press Enter (Assuming your main drive is C:):

bootsect /nt60 C:

Test once again and let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users