
TDSS redirect and other computer difficulties


  • This topic is locked
3 replies to this topic

#1 dbolton

dbolton

  • Members

Posted 08 October 2012 - 12:56 PM

I had a malware attack that I removed in Safe Mode using rkill and MalwareBytes. I also ran a virus scan using McAfee. Upon rebooting I noticed that I also had a TDSS redirect. I used TDSS Killer but it did not find anything so I used FixTDSS and it didn't find anything either. Upon rebooting, I could not get some programs to open, I lost my task bar and the computer would not restart using Task Manager. I finally forced the machine down and rebooted in Safe Mode (Windows XP Pro, btw). I immediately tried to download DDS.com and GMER.zip but the computer was unresponsive when trying to save to desktop. I went to a clean machine and downloaded the programs to a USB drive which I then put into the infected machine. I copied the files to the desktop. When I tried to run DDS.com, the black window comes up but the machine does not scan itself. GMER loaded and scanned but the machine was unresponsive when I tried to save the file. I have nothing to attach, unfortunately and I am not sure what to try next. Help!



#2 thisisu

thisisu

  • Malware Response Team

Posted 09 October 2012 - 07:44 PM

Hello dbolton :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please download RogueKiller to your desktop.
  • Now rename RogueKiller.exe to winlogon.exe
  • Double-click winlogon.exe to run. Right-click winlogon.exe and select "Run as administrator"
  • When it opens, press the Scan button
  • When the scan is finished, press the Delete button.
  • Attach the latest numbered RKreport.txt from your desktop to your next post.

__

Please download HitmanPro to your desktop.
  • Open the program by double-clicking it.
  • Click the Settings button
  • Uncheck "Scan for tracking cookies"
  • Press OK.
  • Click the Next button => Default scan (recommended)
  • Put a bullet in: No, I only want to perform a one-time scan to check this computer.
  • Click the Next button.
  • If HitmanPro detected anything, Ignore all the detections.
  • Press Next
  • Press Save Log
  • Save the log to your desktop and post its contents in your next message.

Edited by thisisu, 09 October 2012 - 07:47 PM.


#3 dbolton

dbolton
  • Topic Starter

  • Members

Posted 10 October 2012 - 08:43 AM

Thanks for picking this up; however, we had also posted in the Am I Infected forum because we were not sure which one to post in (sorry....newbie). Anyway, we got some help there and all is well.

#4 thisisu

thisisu

  • Malware Response Team

Posted 10 October 2012 - 01:45 PM

Glad to hear it :wink:

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.

Edited by thisisu, 10 October 2012 - 01:45 PM.




