Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


System Check TDSSkiller quaranteened & neutralized

  • This topic is locked This topic is locked
2 replies to this topic

#1 rltraveler


  • Members
  • 1 posts
  • Local time:06:08 PM

Posted 02 February 2012 - 02:05 PM

Sorry if this has been covered elsewhere. I went to a Wordpress site and I do not know how the System-Check virus entered through my firewall. I ran Rkill successfully. TDSSkiller found: Rootkit.boot.sst.a4 and said cure, but after I clicked "continue," it stated: Can't cure MBR, write standard boot code? (I clicked yes.)

After running it said: 1 threat neutralized, 2 objects quarantined. The bleeping computer website was down when I tried to register, so my in-home computer guy reinstalled Windows and ran Malwarebytes, I believe. But nothing can be seen without Nero, choosing the command to copy data to a DVD, and even though the names of the files are then visible, there is no access to the data.

I did have a backup from 2 weeks ago, so not a lot of data was lost; but it would be nice to access data on the drive if possible. I am fully operable, on the 2-week-old backup. It's not critical, but if the drive can be accessed by some method, it would be helpful.

I am now afraid to go to the Wordpress site because I do not know how this virus could access my computer through the firewall, and I do not know if I need to report this to the site that I was accessing for a plugin when it came through.

Thanks for any help.

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:09:08 AM

Posted 02 February 2012 - 05:27 PM

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 myrti



  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:01:08 AM

Posted 06 February 2012 - 07:29 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users