I mistakenly posted my experience since it was exactly as another user. To avoid further confusion I have reposted below and will provide additional updates as I go through the process.
My original post:
Posted Today, 10:45 AM
stcarl, on 01 April 2012 - 10:47 PM, said:
Running XP on infected PC. Followed the steps for removal of SMART HDD operating in safe mode with networking. Everything was fine until we tried to run the tdsskiller. It will not execute. We have downloaded it to the desktop, renamed it multiple times using both .exe and .com, downloaded the file onto another computer and loaded the files onto a jump drive. Then we tried to copy and paste those files into the infected computer but still the tdss file won't go. We tried skipping this step and downloading malwarebytes but that was terminated by the infection.
I am having the same problem (as above) and as I am seeing across this and other boards with the instructions and tdsskiller. I am running Win 7 (64 bit). I have tried renaming tdsskiller with no luck. When running in safe mode (after rkill step) I would only get a spinning circle for a few moments. Tried to skip step to Mbytes and it installs, fails, gives some "runtime error '5'". After getting stuck with your guide I found (from another guide) where to find the active virus (chain of letters and numbers.exe) and change the extension to .com. I can now boot into regular windows mode without all the popups and start of S.M.A.R.T. HDD. Now when running tdsskiller (renamed as per instructions) I now get a spinning circle then the user account control "do you want to allow..." windows notification. I say yes...then the spinning circle...then nothing happens.
I think it should be noted that we are instructed in several places to "run as administrator" in Win Vista/7. This choice is unavailable when the tdsskiller is renamed a .com file. You will only get this when it is a .exe file. I would also like to ask why someone said "64-bit may be the issue". It appears from the tdsskiller site that this tool is for both 32 and 64 bit systems.
I have now been able to run MS security essentials. It did find "VirTool:Win32/Obfuscator.QD" which it quarantined and "Trojan:Win32/FakeSysdef" which was removed. Tried to now go back to start of the instructions and still hanging up at the tdsskiller step. Malwarebytes is still also not starting or installing correctly.
I would like to note: I had Malwarebytes (paid version) as my security software and it did not stop this infection. I am not quite sure why, if it did allow this virus through, it can now remove it.
I would also like to note that I got infected from installing "Handbrake.fr" version 0.9.6 (MS Vista/7 version, 64 bit) from http://handbrake.fr/downloads.php. Immediately after download, install and reboot the S.M.A.R.T. HDD issues started.
My wife told me "just pay the $" and after several hours of poor Dell tech support I was tempted to do such...but it didn't seem right. Thanks for all the help so far, and in advance for your assistance.
Edit 1: Sorry...will start over with Narenxp instructions also and provide feedback.
Edit 2: Feedback on Narenxp instructions in this thread - System restore and backup are not supported in safe mode (according to my infected machine). Rebooting to "non safe mode" to attempt prior to proceeding.
Since my original post and 2 updates above:
I am currently backing up files from the infected machine. I was able to also create restore disks with a Dell product on my machine (using Dell Datasafe and Backup). This was used since the following procedure is unable to be done on my machine...the "System Protection" tab is missing.
I have also complained directly to Malwarebytes since this was my virus software. I had the paid pro version that is supposed to have real-time protection. I have already got the following response from Malwarebytes on how to proceed.
We are going to use Chameleon, which is part of Malwarebytes. Chameleon will scan for active malware, disabling it, allowing you to run a scan after. I went ahead and attached it for you. Print the instructions if needed.
Step 1- Download and extract the attachment
How to extract: http://windows.microsoft.com/en-US/windows7/Compress-and-uncompress-files-zip-files
Step 2- Reboot your computer
Step 3- Gently tap the F8 key repeatedly until you are presented with the Windows Advanced Options menu.
Step 4- Select Safe Mode with Networking with your keyboard and hit enter
Step 5- You may be presented with a Windows Login screen. Log in to Windows and, if prompted about Safe Mode and asked if you'd like to continue, click Yes.
Step 6- Double click on firefox.com
*Active malware could block Chameleon, so go down the list, as we renamed Chameleon to mask other programs, if they start to fail.
Step 7- A DOS prompt window will appear, asking to "Press any key to continue"
Step 8- Chameleon will look for active malware and perform a scan with Malwarebytes.
Step 9- Once completed, remove any threats found.
Step 10- Save the log file and attach along with your reply.
Step 11- Restart your computer
I have about an hour till the backup of files completes. At this point I will give more feedback on my progress...trying 1st the suggestions from narenxp located again here on my original post on another member's thread (referenced above) then if I am still having the same tdsskiller hangups I will try the Malware tech's suggested route.