
TDL4 from Rogue


1 reply to this topic

#1 dkkelso

Posted 29 April 2011 - 03:06 PM

Good afternoon. After a rogue malware program installed, the computer would not boot. I finally got into the recovery console and fixed the MBR, and booted, updated Malwarebytes and ran a scan. It detected several Trojans, and cleaned them, after which the computer would not boot. I did a repair installation, ran MBAM again, and the system was listed as clean.

But, Avast! wouldn't start, and Windows Update would not load. So, I ran the Avira boot CD, and it cleaned several Java-based malware classes. After which, Avast! would run and update, and MBAM still showed everything clean.

During MBAM scan, though, Avast popped up and said MBR: \\.\Physicaldrive 0 was infected with MBR:TDL4.

So, after searching for that virus on this site, I found that the solution was ComboFix. And after reading that ComboFix should only run when told to do so by a member of this forum, I... decided to post here, instead of following those same instructions.

I'm trying to keep the infected laptop off the net, because I don't know what is on and what may be sent out. Any evidence that TDL4 spawns itself onto inserted media, such as flash drives, in case I need to download and transfer any files?

#2 dkkelso

Posted 06 May 2011 - 10:25 PM

I am open to other ideas, if ComboFix wouldn't be the suggested route...



