
TDSSKiller won't execute during SMART HDD removal - User Case#2


3 replies to this topic

#1 engineeredwithlayton

engineeredwithlayton

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:27 AM

Posted 02 April 2012 - 04:58 PM

As requested I have started a new topic from this thread:

http://www.bleepingcomputer.com/forums/topic448512.html

I mistakenly posted my experience since it was exactly as another user. To avoid further confusion I have reposted below and will provide additional updates as I go through the process.

My original post:



Posted Today, 10:45 AM

stcarl, on 01 April 2012 - 10:47 PM, said:
Running XP on infected PC. Followed the steps for removal of SMART HDD operating in safe mode with networking. Everything was fine until we tried to run the tdsskiller. It will not execute. We have downloaded it to the desktop, renamed it multiple times using both .exe and .com, downloaded the file onto another computer and loaded the files onto a jump drive. Then we tried to copy and paste those files into the infected computer but still the tdss file won't go. We tried skipping this step and downloading malwarebytes but that was terminated by the infection.


Hello

I am having the same problem (as above) and as I am seeing across this and other boards with the instructions and tdsskiller. I am running Win 7 (64 bit). I have tried renaming tdsskiller with no luck. When running in safe mode (after rkill step) I would only get a spinning circle for a few moments. Tried to skip step to Mbytes and it installs, fails, gives some "runtime error '5'". After getting stuck with your guide I found (from another guide) where to find the active virus (chain of letters and numbers.exe) and change the extension to .com. I can now boot into regular windows mode without all the popups and start of S.M.A.R.T. HDD. Now when running tdsskiller (renamed as per instructions) I now get a spinning circle then the user account control "do you want to allow..." windows notification. I say yes...then the spinning circle...then nothing happens.

I think it should be noted that we are instructed in several places to "run as administrator" in Win Vista/7. This choice is unavailable when the tdsskiller is renamed a .com file. You will only get this when it is a .exe file. I would also like to ask why someone said "64-bit may be the issue". It appears from the tdsskiller site that this tool is for both 32 and 64 bit systems.

I have now been able to run MS security essentials. It did find "VirTool:Win32/Obfuscator.QD" which it quarantined and "Trojan:Win32/FakeSysdef" which was removed. Tried to now go back to start of the instructions and still hanging up at the tdsskiller step. Malwarebytes is still also not starting or installing correctly.

I would like to note. I had Malwarebytes (paid version) as my security software and it did not stop this infection. I am not quite sure why if it did allow this virus through it can now remove it.

I would also like to note that I got infected from installing "Handbrake.fr" version 0.9.6 (MS Vista/7 version, 64 bit) from http://handbrake.fr/downloads.php. Immediately after download, install and reboot the S.M.A.R.T. HDD issues started.

My wife told me "just pay the $" and after several hours of poor Dell tech support I was tempted to do such...but it didn't seem right. Thanks for all the help so far, and in advance for your assistance.

Edit 1: Sorry...will start over with Narenxp instructions also and provide feedback.

Edit 2: Feedback on Narenxp instructions in this thread - System restore and backup are not supported in safe mode (according to my infected machine). Rebooting to "non safe mode" to attempt prior to proceeding.


Since my original post and 2 updates above:


I am currently backing up files from the infected machine. I was able to also create restore disks with a Dell product on my machine (using Dell Datasafe and Backup). This was used since the following procedure is unable to be done on my machine...the "System Protection" tab is missing.

http://windows.microsoft.com/en-US/windows7/Create-a-restore-point

Malwarebytes Suggestions:


I have also complained directly to Malwarebytes since this was my virus software. I had the paid pro version that is supposed to have real-time protection. I have already got the following response from Malwarebytes on how to proceed.

We are going to use Chameleon, which is part of Malwarebytes. Chameleon will scan for active malware, disabling it, allowing you to run a scan after. I went ahead and attached it for you. Print instructions if needed.

Step 1- Download and extract the attachment

How to extract: http://windows.microsoft.com/en-US/windows7/Compress-and-uncompress-files-zip-files

Step 2- Reboot your computer

Step 3- Gently tap the F8 key repeatedly until you are presented with the Windows Advanced Options menu.

Step 4- Select Safe Mode with Networking with your keyboard and hit enter

Step 5- You may be presented with a Windows Login screen. Log in to Windows and if prompted about Safe Mode and asks if you'd like to continue click Yes.

Step 6- Double click on firefox.com

*Active malware could block Chameleon, so go down the list as we renamed Chameleon to mask other programs if they start to fail.


Step 7- A DOS prompt window will appear, asking to "Press any key to continue"

Step 8- Chameleon will look for active malware and perform a scan with Malwarebytes.

Step 9- Once completed remove any threats found.

Step 10- Save the log file and attach along with your reply.

Step 11- Restart your computer


I have about an hour till the backup of files completes. At this point I will give more feedback on my progress...trying 1st the suggestions from narenxp located again here on my original post on another member's thread (referenced above) then if I am still having the same tdsskiller hangups I will try the Malware tech's suggested route.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:27 PM

Posted 02 April 2012 - 05:54 PM

Please reboot the PC into Safe Mode with Networking

Download

http://www.bleepingcomputer.com/download/anti-virus/unhide

Run the UNHIDE tool

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


FIXTDSS

Launch it. It may ask for a restart; reboot the PC

On reboot let me know what it finds

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Follow the steps as instructed


good luck

#3 engineeredwithlayton

engineeredwithlayton
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:27 AM

Posted 04 April 2012 - 12:54 PM

Thanks for the help. I think I am now ok. I took screenshots of the items found and pasted them into a word document but do not see where to upload a file. Sorry for my delayed response but I have been trying to catch up on work since I was down and also traveling. Let me know what I can send you and where. Explicit instructions are helpful since I am not an IT person...just forced to be one as a 1 man small business.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:27 PM

Posted 05 April 2012 - 04:39 AM

You need not upload the file. Just paste the contents from the generated logs

You should find the TDSSkiller log in C drive

Malwarebytes should generate a log after the scan

good luck



