Search Engine Redirect with a twist



#1 jdonahue3


Posted 29 October 2012 - 07:07 PM

So I managed to pick up a TDSS-like virus. Symptoms are fairly mild. Search links are redirected about 1/3rd of the time. In fact, the only reason I found out I had the infection is something the virus did to my system drivers doesn't play nice with Diablo III. Diablo III crashes about 15-30 seconds into game play with a Windows error of "Diablo III Retail has stopped working and needs to close". Ran into the redirect when searching to fix that, and since Diablo III was working great the prior day, it seems likely to be related.

So a few failed scans and a few hours of searching later I find out that what I have looks like a relatively benign version of TDSS. I have been attempting all the standard removal tools and none of them have been blocked for execution, and no disinfection websites are completely blocked as I have heard can happen with some of the more nasty and overt versions of this virus. So what's the problem if all the tools are running? None of the standard tools have managed to find this thing. I've tried Avast! complete scan, Avast!'s pre-boot scan, TDSS-killer with all the options enabled, Malwarebytes, Spybot S&D, that rootkit detection thing that has most of its options greyed out on 64-bit (on Win7 64-bit home premium btw), and even ComboFix based on some search results (yes, I know, naughty naughty). Nothing has managed to catch this thing. I'm not even sure this is TDSS since nothing has confirmed that identification.

So, how do you deal with a rootkit that is evading the rootkit removers? Help! :wacko:

Edited by jdonahue3, 29 October 2012 - 07:08 PM.



 


#2 boopme


Posted 29 October 2012 - 07:14 PM

Welcome, as you have run several tools already, I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.
If Gmer won't run, skip it.

Let me know if all went well.

#3 jdonahue3


Posted 29 October 2012 - 11:44 PM

New topic created:
http://www.bleepingcomputer.com/forums/topic473507.html



