Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rootkit.TDSS.v3 won't be beaten

  • Please log in to reply
1 reply to this topic

#1 SteveD9


  • Members
  • 1 posts
  • Local time:11:05 PM

Posted 04 November 2011 - 12:34 PM

Hello. First post for me and I hope someone can help - I've been plugging away at work at this one for so long it's embarrassing but looking at some of the expertise shown on here - my fingers are crossed one of you gifted good Samaritans can assist.

Thanks in advance to anyone who reads this.
I have a pc where the user (despite many warnings) opened the attachment on the fake UPS mail. This wiped the desktop and start menu for that user. Things looked ok for admin so removed the user file and logged in afresh. Then noticed Google results were being redirected when clicking on them. Scanned with malware bytes, avg sbs, hitman pro,lavasofts adaware with no joy - I checked all were up to date prior to scanning.

Getting desperate, eventually a PC Tools | Spyware doctor's free scan found it and said it could remove it -the culprit - Rootkit.TDSS.v3 - Joy I thought - paid for the licence and all seemed well. However despite multiple attempts at fixing it - the thing keeps coming back. Tried safe mode with networking scan and fix - no joy. Tried scanning as the user, as admin, when logged in to our domain and also when logged into just the pc. The little weasel is still there and still redirecting (to budgetsafe.net most of the time). Tried Kaperskys TDSS killer (renamed it as directed but still wont run). Tried customer support at PC Tools but getting nowhere fast.

I do have a hijackthis log but understand it's polite to be asked before posting it.

Please help.


BC AdBot (Login to Remove)


#2 hamluis



  • Moderator
  • 56,386 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:05 PM

Posted 04 November 2011 - 01:09 PM

<<I do have a hijackthis log but understand it's polite to be asked before posting it.>>

Please follow the guidelines in Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

This will result in your posting the reuested logs in the proper forum, BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html .

Thanks :).


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users