
Trojan-TDSS-731


5 replies to this topic

#1 bytor64


Posted 03 August 2012 - 12:27 PM

hi all... i've followed the directions in the thread "trojan-dropper-bcminer" to no avail. the user was getting this trojan as well as the tdss. i have run combofix, tdsskiller, eset, hitmanpro, OTL, roguekiller, etc etc. and i cannot seem to get rid of it. i am currently entering this from the infected computer using Firefox. IE is the only browser infected. any and all help is greatly appreciated.


 


#2 narenxp


Posted 03 August 2012 - 01:04 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 bytor64


Posted 03 August 2012 - 02:14 PM

i have run 2 of the 3 but have since tried rolling the system back 3 weeks and the darn thing is still present. hard to believe since the user just started having issues. i will look into undoing the system restore. right now, i've removed the hard drive and connected it to a second computer and running full malwarebytes scan. trying to outsmart the trojan by scanning it when it isn't booted into.

#4 narenxp


Posted 03 August 2012 - 02:50 PM



Do you really need help? Can you post the logs?

#5 bytor64


Posted 03 August 2012 - 03:21 PM

i did.. i waited as long as possible to post for help to make sure i was at my wits' end. but believe it or not, and file away for others, removing the SATA drive, and connecting as a secondary hard drive to another computer and running malwarebytes against the drive that way fixed the problem. MWB found the trojan and two rootkits and successfully cleaned the drive. to be honest, i'm really surprised that worked.

i would like to thank you narenxp for your direction and willingness to help but it appears i'm good to go.

#6 narenxp


Posted 03 August 2012 - 03:59 PM

:thumbup2:



