Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSSKILLER will not run / redirects


  • Please log in to reply
9 replies to this topic

#1 ICKIER

ICKIER

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 10 October 2012 - 03:53 PM

Good Day.
Hopefully this will be a quick one.
I am having redirects. Malwarebytes shows nothing.
I read the guide for running TDSSKILLER and it will not run.
I've renamed, still won't run.
Where do we start?
Win 7 machine.
Kaspersky's AVP tool shows nothing.

Weird behavior: desktop icons will stop working after i close IE until I eand iexplore in task manager which is still displayed when I close IE!

Edited by ICKIER, 10 October 2012 - 03:58 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:04 PM

Posted 10 October 2012 - 03:54 PM

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 ICKIER

ICKIER
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 10 October 2012 - 04:03 PM

aswMBR - downloaded but same behavior as tdsskiller. will not run

the ESETscanner - it will get to 89-91% done downloading and IE will lock up.
Going to download it from a clean computer.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:04 PM

Posted 10 October 2012 - 04:11 PM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it,click on SCAN,post the log

#5 ICKIER

ICKIER
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 10 October 2012 - 04:31 PM

ESET running from download off clean computer.

list parts64 log below. do not see attach file option.
ListParts by Farbar Version: 02-10-2012
Ran by Jack (administrator) on 10-10-2012 at 17:20:38
Windows 7 (X64)
Running From: C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVW5DNLK
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 50%
Total physical RAM: 3893.86 MB
Available physical RAM: 1915.57 MB
Total Pagefile: 9731.05 MB
Available Pagefile: 7503.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:448.4 GB) (Free:348.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:17.07 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 448 GB 200 MB
Partition 3 Primary 17 GB 448 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 448 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 17 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {4971561a-f955-11df-a168-81b7afab3df8}

Windows Boot Loader
-------------------
identifier {4971561a-f955-11df-a168-81b7afab3df8}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{4971561b-f955-11df-a168-81b7afab3df8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{4971561b-f955-11df-a168-81b7afab3df8}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {4971561a-f955-11df-a168-81b7afab3df8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {4971561b-f955-11df-a168-81b7afab3df8}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi


****** End Of Log ******

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:04 PM

Posted 10 October 2012 - 06:12 PM

Download

TDSS fix

Launch it.Do not UPDATE,click on CONTINUE

Let me know if it detects rootkit

#7 ICKIER

ICKIER
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 11 October 2012 - 04:59 AM

Little disturbed windows reported this file unsafe after it downloaded, but i ran it. No threats found.
Why is it this Kaspersky antirootkit program ran and the ones downloaded from their site do not?

Left ESET scanning overnight, found 2 before I woke up this morning to a self rebooted machine.
Don't know what it did but i did notice 2 found before i went to bed.

variant of win32/installcore a application AND html lframe b gen virus

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:04 PM

Posted 11 October 2012 - 06:10 AM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#9 ICKIER

ICKIER
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 11 October 2012 - 07:48 AM

ESET - just ran it again hoping to see what was found again but they were removed as the result was clean this scan. Still having issues though.

Very odd things on reboot now, configuring windows update then it says it failed.

Going to read now. Thank you for your time.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:04 PM

Posted 11 October 2012 - 07:51 AM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users