This is the pertinent section of the log which indicates a TDSS rootkit
infection. The forged file was identified and will be cured after reboot.
2011/02/07 22:37:48.0078 4328 Detected object count: 1
2011/02/07 22:38:00.0921 4328 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/07 22:38:00.0921 4328 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7d6322d2567d94acf1e8c4b79ea1c880, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/02/07 22:38:03.0859 4328 Backup copy found, using it..
2011/02/07 22:38:03.0921 4328 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/02/07 22:38:03.0921 4328 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
To learn more about this infection please refer to:
Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.
Try doing an online scan to see if it finds anything else that the other scans may have missed.
Please perform a scan with Eset Online Anti-virus Scanner
- This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
- Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
- Click the green button.
- Read the End User License Agreement and check the box:
- Check .
- Click the button.
- Accept any security warnings from your browser.
- Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer.
- If offered the option to get information or buy software at any point, just close the window.
- The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
- When the scan completes, push
- Push , and save the file to your desktop as ESETScan.txt.
- Push the button, then Finish.
- Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt
file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click
, then type or copy and paste everything in the code box below into the Open dialogue box:
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
- Click Ok and the scan results will open in Notepad.
- Copy and paste the contents of log.txt in your next reply.