Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot remove TDSS malware - help!


  • This topic is locked This topic is locked
5 replies to this topic

#1 dcssuk

dcssuk

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 02 September 2011 - 01:31 PM

Hello,

I first noticed I had this malware a few days ago after MSE alerted me it was found. However MSE cannot remove it - it tells me it is gone but later on it will be found again after reboot. I have done some searching and discovered the TDSS Killer application. At first it didn't find anything but eventually it did and was removed successfully. However, I believe I have reinfected my machine but I know what it came from and so will refrain from running that program in the future.

My problem is that now even though I am re-infected TDSS Killer does NOT find the rootkit on my system, even though MSE does. What can I do? HitMan Pro, SpyBot S&D, GMER.exe and MalwareBytes all fail to find this virus. Only MSE is finding it.

One strange thing is that I do not actually get any of the effects I am supposed to. There is no Google redirections or any other negative effects that I notice such as websites or applications not loading when they are supposed to. The only thing that alerted me to a virus apart from MSE is that 3 times now my PC has just randomly restarted itself (although it hasn't happened since I reinfected), but I couldn't find anything to do with TDSS doing that online. The version I have in particular is TDL-4.

I really want to get this off my PC, I will reformat if necessary but I have read that as it infects the Master Boot Record a reformat may NOT cure the infection. I am very worried about my passwords being stolen and so I will do all transactions from another PC.

My OS is Windows 7 Ultimate 64 bit.

Help!

Edited by dcssuk, 02 September 2011 - 01:32 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 AM

Posted 02 September 2011 - 02:02 PM

Hello, what is MSE finding?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 dcssuk

dcssuk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 02 September 2011 - 02:50 PM

It calls it "Trojan:Win32/Alureon"

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 AM

Posted 02 September 2011 - 03:02 PM

OK,thanks. If TDSS Killer won't stop it then we'll need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on. Or post the log you have.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dcssuk

dcssuk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 02 September 2011 - 05:24 PM

Step 6 changes nothing.
On step 8 with the GMER log I can only select Services, Registry, Files and ADS. All the others are greyed out.
I have also included a log of MBRCheck.exe, which reports I have standard MBR.

I have made a new topic as requested and uploaded the logs needed, here is the URL.

If it is still not able to find the virus I do not mind just reformatting, although I will need some help on how to format the MBR too as I am not entirely sure how. Thanks for your help.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 AM

Posted 02 September 2011 - 06:58 PM

Thanks, These tools will not remove they only provide the information that the trained log analyst will review and determine the proper fix.
This will take a couple days.
Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

If that is your decision please send me a PM (personal Message and I will remove your LOG topic so someone doesn'y invest the time reviewing etc..

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users