
Am I still infected


  • This topic is locked
2 replies to this topic

#1 supadupahands


Posted 25 March 2011 - 10:00 AM

Hi

Yesterday I had several BSODs during normal use of my Windows 7 64-bit Dell desktop. Previous to this, Windows had been repeatedly asking for permission to run some very strange-looking exes that I hadn't run. I stopped the process using Task Manager and then ran Malwarebytes to see if anything untoward was happening; about 2 minutes in, BAM, BSOD relating to drivers.

I immediately logged back in in safe mode and tried running Malwarebytes again, which found 19 infections (I have log files if needed) including 2 trojans and the rest part of a rootkit - TDSS.

I quickly got out my notebook (Linux!) and started googling and eventually found the Kaspersky TDSS rootkit killer, which I ran, and it found the rootkit at driver level. I rebooted into safe mode, ran Malwarebytes again and it found 16 files in sys32, which I removed.

I then rebooted back into normal Windows and ran full scans with MBAM, MSE and Sophos webkit finder, none of which found anything...

My questions are these: Is there any way of knowing how long I have been infected for? I am aware that rootkits can remain undetected for some time. I have already reset most of my passwords and instructed my wife to do the same; should we take further precautions?

Next question is, of course, am I still infected? I am also very aware that rootkits can hide themselves from the most advanced of tools, so what can I do to ensure that the PC is not infected?

Many thanks in advance. I am a desktop engineer and have several years' experience with support; never had to deal with a rootkit of this variant on my own PC before, however. Oh, and I am a total n00b when it comes to posting on support forums, but happy to do whatever it takes for you guys to help me.

Alex

EDIT: I have removed the malware logs after reading the etiquette post, sorry!

Edited by supadupahands, 25 March 2011 - 11:30 AM.



#2 supadupahands


Posted 25 March 2011 - 11:49 AM

I have now posted this with logs in the correct forum. How do I delete this post?

#3 Andrew

  • Moderator

Posted 25 March 2011 - 06:31 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.



