Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with TDSS TDL4 rootkit with Google redirecting

  • This topic is locked This topic is locked
2 replies to this topic

#1 decan_tosh27


  • Members
  • 4 posts
  • Local time:08:05 AM

Posted 22 June 2011 - 12:48 AM

Hi BC!

I was infected last week with the PC Recovery Virus (which I believe was executed from visiting a link a WP plugin that was being installed using the admin… or this was timed with a recent update to a bunch of WinXP SP3 updates).

Attempts to get rid of it havent worked -- I managed to clear out the original issue and unhide everything. A day later (last week) the browser started the Google Redirect virus which upon further investigation may be a nice rootkit of the TDL4 nature as I am showing an infected volsnap.sys file on a RootKitBuster, GMER, and RootKitRevealer scan

In Running Task Manager I also see iexplorer active (where IE creates a bunch of files and the computer slows). All said, I have downloaded several anti virus, spyware, malware etc programs (online and local) but cannot get rid of this pest. I am aware of the warnings surrounding running Combofix but have ran it – it hangs and will not complete. Even leaving it for 6 hours, it hangs where I believe the steps should be building (it passes the creating the restore point, etc.). There are warnings about AVG but I have removed AVG first with their program, then with their uninstaller. It is not there from what I can tell.

Attempting to running TDSSKiller also doesnt seem to work even with a different file name on the exe. I need your help and have taken this as far as I can on my own (yikes!)

Attached are the logs as requested for DDS.txt, attach.txt (as zip) and GMER.txt will be added in a moment to the next post

Attached the GMER file

Attached is the finished GMER file (there were a few hidden objects at the bottom) I missed.

Attached Files

Edited by rigel, 22 June 2011 - 06:18 PM.

BC AdBot (Login to Remove)


#2 decan_tosh27

  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:05 AM

Posted 24 June 2011 - 12:05 PM

Seemed to have found a fix which worked - and removed the rootkit. Running all other scans now.

Similar to this post (good karma and creds to you!)

MC MODERATOR - You can close this topic.

#3 SweetTech


    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:09:05 AM

Posted 24 June 2011 - 12:12 PM

As this issue appears to be resolved, this thread will now be closed.

Thread Closed.

Kindest Regards,

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users