
Help removing Windows Fix Disk and Tdss root kit.


  • This topic is locked
7 replies to this topic

#1 benjeeboi


Posted 16 April 2011 - 08:18 PM

Hey there, I seem to have picked up some malware from, I think, a dodgy torrent.
I had Windows Fix Disk on my laptop, but I located the file and removed it, although maybe not properly. It also seems to have been bundled with what I think is the TDSS rootkit. I am getting redirects to spam sites and occasionally I will get random audio adverts playing. Also, performance of my laptop seems slower, and the internet too, particularly when playing Flash embedded videos.

I have tried to remove this using a whole host of programs including F-Secure scans, Malwarebytes, Spybot and TDSSKiller (renamed also) but to no avail. I have also looked at a few threads on here but they seem personal to each case, so I didn't want to mess around any more than I already have.

I am using Windows 7 Professional... I think that about covers it... Thanks for any help!



#2 boopme


Posted 16 April 2011 - 08:43 PM

Hello and welcome. We need to use a couple tools in this order.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Please follow our Removal Guide here: Remove Windows Fix Disk.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 16 April 2011 - 08:43 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 benjeeboi


Posted 16 April 2011 - 08:54 PM

Hello, thank you for the reply. I cannot seem to be able to get TDSSKiller to open. I saved it on my desktop and tried to open it and it didn't work. I've tried changing the filename and extension and "Hide extensions for known file types" is unchecked in C:\

#4 boopme


Posted 16 April 2011 - 09:15 PM

Try TDSSKiller from Command Prompt

Use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder):
Open Command Prompt in XP = click Start >> Run, type cmd
Copy and paste this at the flashing cursor and hit Enter:

TDSSKiller.exe -l report.txt

If still no joy, run the Guide first, then TDSS.

#5 benjeeboi


Posted 17 April 2011 - 09:37 AM

Hello, I tried to run TDSSKiller through cmd, it popped up and I accepted it but still no joy... I also tried renaming it and launching via command prompt.
I have been through the guide in your post above, if that's what you meant, and I used Rkill and then ran Malwarebytes on a full scan but nothing was found. TDSSKiller still won't open.

#6 boopme


Posted 17 April 2011 - 12:56 PM

Uggh, then we need to start a new topic.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#7 benjeeboi


Posted 17 April 2011 - 02:28 PM

OK then. Thanks so much for putting up with me :) The new thread will be here.

#8 boopme


Posted 17 April 2011 - 02:46 PM

No problem, we need our people trained in DDS logs to find it now.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.