Rootkit.Boot.SST.b 0x7b


  • This topic is locked
4 replies to this topic

#1 mycomputerlady


Posted 01 January 2012 - 03:30 PM

Hi all, I am new to this forum. I have been looking for a solution to this issue for days now, to no avail! I saw this thread (http://www.bleepingcomputer.com/forums/topic434870.html) and was hoping that I could get some help with my issue. I have a Windows 7 laptop; it had the Google redirect issue. I read online that I should run TDSSKiller, so I did, and it found Rootkit.Boot.SST.b. Attached below is the tdsskiller.txt. I have tried to repair it with the Windows recovery, and I have tried different restore points; none work. I have tried changing the classpnp.sys to classpnp.old. I have tried to update the MBR. Nothing has seemed to work. In the thread I read, this fellow seemed to get his computer back to where he could at least log on; before I removed the Rootkit.Boot.SST.b with TDSSKiller I was able to log in as well. I hate to reimage the whole hard drive if all that needs fixing is a few files. Can anyone help?

Thanks!

Attached Files

  • Attached File  tdss.txt   81.05KB   3 downloads



#2 JSntgRvr

  • Malware Response Team

Posted 01 January 2012 - 04:45 PM

:welcome:

Let's give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mycomputerlady


Posted 01 January 2012 - 05:16 PM

I found this advice http://triplescomputers.com/blog/?p=81#comment-88 and it worked on my computer, you may give it a shot!


Warning: Steps in this link can cause loss of data, and make partitions inaccessible. Follow at your own risk.

Edited by JSntgRvr, 02 January 2012 - 08:19 AM.


#4 JSntgRvr


Posted 01 January 2012 - 07:57 PM

Wow. I don't support those actions. It only represents the last alternative out. The BCD was deleted. Chances are that if you press F8 at startup, the "Repair my computer" option is no longer there. In addition, since the boot sector was overwritten, chances are you may not be able to recover to factory settings in the event it becomes the only way out.

I left a message in that site. Seems the tech who wrote it needs some training.

Thanks for the feedback.



#5 JSntgRvr


Posted 11 January 2012 - 09:53 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
