
TDL Rootkit again.. cant use keyboard in safe mode or anything


5 replies to this topic

#1 Pajajn

Pajajn

  • Members
  • 364 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:10:25 AM

Posted 01 July 2012 - 10:11 AM

My dad asked me for help since his computer refuses to work with the USB keyboard/mouse.. I tried safe mode and noticed that it didn't work there either. He's using Windows XP SP3 and hasn't any PS2 on his computer...

Any help would be appreciated. I suspect a variant of the TDL rootkit, which he had some half year before, so I don't know WTF he's doing when he's browsing the web.

Thanks anyway



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:10:25 AM

Posted 02 July 2012 - 09:26 PM

When did this issue start? How did he remove the TDL rootkit?

Does an external keyboard or mouse work? If yes:

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system"

Click on "Scan". Please post the LOG report (the log file should be in your C drive)

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log"

Post the log results here

Download ESET online scanner

Install it

Click on START; it should download the virus definitions
When the scan gets completed, click on "List of found threats"

Export the list to the desktop, copy the contents of the text file in your reply

#3 Pajajn


Posted 03 July 2012 - 08:22 AM

Since it's not my computer I can't directly point out the time, but I know that it happened the day before / night before the thread.. And I can't use an external keyboard or anything since he's only got USB on the back of his PC.

Neither keyboard nor mouse works in the Safe Mode pick DOS menu.. can't move the -> down the menu..

Well, the last TDL4 rootkit was on another partition so it's not there, but we had the same symptom from that one, which I think boopme helped us with. So it's a new partition, but a rootkit variant we had before, so it must be something my dad does over again to get it...

I can't even get into BIOS by tapping F2; the Windows XP logo just comes up and loads the OS as usual into the desktop.. where I can't move anything

Edited by Pajajn, 03 July 2012 - 08:33 AM.


#4 narenxp


Posted 03 July 2012 - 09:59 AM

Do you have an XP CD?

What happens when you insert it? Does that work?

"And I can't use an external keyboard or anything since he's only got USB on the back of his PC."

Did you try a USB keyboard? We don't need a mouse now.

#5 Pajajn


Posted 03 July 2012 - 11:45 AM

Yes, I have a Windows XP SP3 CD, but it differs from the installed version (I think).

I've tried several keyboards and it's the USB sys files that are crap.. like the last time he had some rootkit variant like this.

#6 Pajajn


Posted 06 July 2012 - 09:56 AM

Any help :o :wacko:

Regards
