Multiple Infections
1 reply to this topic

#1 transceiver

  • Members
  • 7 posts
  • Gender:Male
  • Location:Henderson, LA

Posted 16 November 2011 - 04:56 PM

A friend brought me his laptop suspecting that it had been infected with a virus.

I followed the tutorial, How to remove a Trojan, Virus, Worm, or other Malware (http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/#remove) and was able to get the machine to boot in normal mode, update McAfee Total Protection, and run a full scan. Several infections were removed including one named, XCPT-HOOK1 (TDSS.e!rootkit).

I then installed and updated AVG which discovered and removed 6 trojan horse infections.

I also installed and updated Malwarebytes Antimalware which discovered and removed 2 Registry infections.

At this point I can see though, that all of the Start Menu (All Programs folders) appear empty. Internet Explorer is gone. Administrative tools is gone. All files are hidden. And Firefox and Google Chrome are redirecting.

Please help.

#2 transceiver
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Henderson, LA

Posted 17 November 2011 - 04:18 AM

UPDATE: I observed that after several reboots, the XCPT-HOOK1 (TDSS.e!rootkit) item reappeared every time in McAfee full scans. McAfee Total Protection reported the infection removed each time, but the Google redirects persisted and Windows components were still missing (Administrative Tools, cmd.exe, etc.). I attempted many times to download and run TDSSKiller.exe, using different methods, renaming the file, transferring it to the machine via different means, etc. It would not run, at all.

Finally I downloaded the .zip version, directly from this link: http://support.kaspersky.com/downloads/utils/tdsskiller.zip, to a clean PC, transferred it to a clean flash drive, extracted the contents to the flash drive, renamed the executable TDSSKiller.exe to something random with the .com extension (lksjdf.com, e.g.), copied it to the infected machine's desktop and ran it successfully.

This was the only method that worked for me. It may also have had something to do with the fact that kaspersky.com updates the tool periodically, and I may have finally simply downloaded a version that worked for the permutation I had encountered.
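The staging step described in the post above (extract the tool on a clean machine, copy it under a random name with a .com extension, then run it on the infected host) as an added example. This is not code from the original post or from Kaspersky; the source and destination paths are assumptions, and the sample input in the usage is a constructed stand-in for the real TDSSKiller.exe. The script generates the random name, copies the file, confirms the copy is byte-identical to what was extracted, and checks that the file carries a PE ("MZ") header, since Windows runs a .com file by its content rather than its extension.

```python
import hashlib
import secrets
import shutil
import string
from pathlib import Path

# Added example: stage a renamed copy of an extracted tool under a random
# .com name so that a rootkit matching on the well-known filename does not
# block it. All paths below are assumptions, not the original poster's.

RANDOM_NAME_LEN = 8  # e.g. "lksjdfab.com"


def random_com_name(length: int = RANDOM_NAME_LEN) -> str:
    """Return a random lowercase basename with a .com extension."""
    alphabet = string.ascii_lowercase
    return "".join(secrets.choice(alphabet) for _ in range(length)) + ".com"


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large tools do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_pe(path: Path) -> bool:
    """A Windows executable starts with the 'MZ' DOS header; a renamed .com
    still runs as a PE only if that header is present."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def stage_renamed_copy(src: Path, dest_dir: Path) -> Path:
    """Copy src into dest_dir under a random .com name and verify the copy.

    Raises if the source is not a PE image or the copy does not match the
    source byte for byte (disk error or tampering in transit).
    """
    src = Path(src)
    dest_dir = Path(dest_dir)
    if not looks_like_pe(src):
        raise ValueError(f"{src} does not start with an MZ header")
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / random_com_name()
    shutil.copyfile(src, dest)
    if sha256_of(src) != sha256_of(dest):
        dest.unlink()
        raise RuntimeError("staged copy does not match source")
    return dest


if __name__ == "__main__":
    import tempfile

    # Constructed stand-in for the extracted tool (hypothetical paths).
    work = Path(tempfile.mkdtemp())
    extracted = work / "TDSSKiller.exe"
    extracted.write_bytes(b"MZ" + b"\x00" * 126)
    staged = stage_renamed_copy(extracted, work / "usb_stick")
    print(f"staged as {staged.name}, sha256 {sha256_of(staged)[:16]}...")
```

On the real flash drive you would point `stage_renamed_copy` at the `TDSSKiller.exe` extracted from the vendor .zip and copy the resulting `.com` file to the infected machine's desktop; the hash printed on the clean machine can be compared against the copy on the infected host before running it.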



