TDSS infection

So I've got a computer that won't boot. When I take the HD and put it into another computer I own, Bitdefender says there is an infection named "Rootkit.MBR.TDSS.A" (boot image.) BD denies access to the file but won't remove it. I've run the Dr. Web and Avira live cd's to no effect. Running MBAM on it now, but I'm pretty sure it won't fix it. I could fix the stupid thing if it would boot. Trying to avoid a full wipe/rebuild of the MBR. Any suggestions/ideas?

Hello and welcome, I moved this to the Am I Infected forum as you did not post the required logs for this one and you topic will get passed.

We neeed to run this on that drive also.
Post this and your MBAM log and yell me how it is..

Thanks for the help. You said

We neeed to run this on that drive also.

Not sure what "this" is. MBAM failed to find anything, running a BD scan now, found 1 item so far, fingers crossed.

Am I correct in assuming that since MBAM found 0 infections you don't really need to see the log?

Edited by mysticduck, 12 January 2011 - 07:58 PM.

Sorry MBAM = MalwareBytes

and I forgot this...

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

Edited by boopme, 12 January 2011 - 08:07 PM.

Sorry, miscommunication. Knew what MBAM was. It didn't find anything. TDSSkiller won't scan anything but C:, and since this drive won't boot it is currently set as I: any other ideas?

Do you have an install disk? Is this XP?

I run a computer shop so I've got all sorts of stuff. XP, BSODs with a 0x0000007b, hence it being hooked up to a different machine ATM.

I will ask someone to look here thay starts these non booters. Yho I am sure they won't reply today.

As an update, Bitdefender found 5 bugs, none of them being the MBR.TDSS infection.

So is this machine booted as you can run bitdefender?
What was found?

The drive itself will not boot in any machine, I have it hooked to an Esata port on a backup machine I have. The backup machine has Bitdefender, so I scanned the infected drive with it for the heck of it and since BD detects the rootkit when I plug the drive in. If I can't get it figured out soon I'm just gonna wipe it, rebuild the MBR and start over.

OK, I just wanted to check.In all honesty if you have the disks why not just Nuke and repave. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action. Then you will not have fret missing anything.

Been seeing this infection pop up more and more and was hoping to find a way to just fix it. In this case I know it's just the MBR that is infected, so was hoping for an easier fix than a format. If anyone has any more ideas that would be great, if not no skin off my teeth. Thanks for your help boopme.

Ok, then hold on for that other person to reply. You're welcome.

Got the infection removed. Ended up booting to the XP cd, running a recovery console and using "fixmbr" to replace the infected mbr with a new one. Got it up and running now, gonna run TDSSkiller and MBAM and go from there. Thanks again.