
Can't get rid of TDSS/alureon


  • This topic is locked
5 replies to this topic

#1 3and20characters

3and20characters

  • Members
  • 1 posts

Posted 07 September 2014 - 12:06 AM

I got a notification from Comcast yesterday that I had a TDSS/TDL/Alureon toolkit variant. However, there are no symptoms. No redirect or ad issues. Comcast only reports the bot when my system is 'asleep' (or should be). I already had Spybot, Malwarebytes, and SUPERAntiSpyware running when this occurred.

Since the notification, I have run TDSSKiller, Avast, Malwarebytes Anti-Rootkit, Spybot, Malwarebytes Anti-Spyware, Windows Defender, HitmanPro, ComboFix, Symantec anti-rootkit, and probably more. All are updated. Only MBAM found anything, and just once. TDSS returned and then ComboFix found something. However, Comcast reported another bot instance after ComboFix, too. I rescanned in safe mode and regular and haven't found anything yet. When possible, I scan with Internet off, too.

I am on Windows 7. Somehow I have no system restore points prior to yesterday so I cannot roll back. Windows Update won't work, but the Internet and all other apps do.

Any ideas?



#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 07 September 2014 - 02:38 PM

While you are waiting on a Malware Removal Team member to help you, please read this topic, which concerns the same issue.
http://www.bleepingcomputer.com/forums/t/547159/constant-guard-reporting-bots/

It's entirely possible that there is no bot.
(see post #12 in that topic)

There is nothing wrong with wanting to make sure, so someone should be along to help you find out if there is a bot.

#3 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 08 September 2014 - 12:43 AM

Hello and welcome to Bleeping Computer

I am currently reviewing your problem and will reply as soon as possible.

Please be patient.

Please note: I am a Malware Study Hall Senior, which means all of my answers will be reviewed by an expert before I can post them here. Therefore there may be a little delay in my answers. Thank you for understanding.

 

 

 


regards,

 

Sandra


#4 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 08 September 2014 - 06:28 AM

Hello
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you run into trouble or do not understand what to do, stop and describe the problem as well as you can
  • Only run scans that I advise you to run
  • Do not crosspost (post in different forums)
  • Do not uninstall or install software during removal, unless I advise you to
  • Please keep in mind that we are all doing this in our free time; if I do not reply within 48 hours, feel free to send me a PM

 

 

 

Step 1

Please post the logs you have made so far

  • TDSS Killer
  • Malwarebytes Antirootkit
  • Combofix
  • Malwarebytes

 

Step 2

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using a Windows installation disc:


  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards,

 

Sandra


#5 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 11 September 2014 - 02:11 PM

Hello,

are you still with me?

Please note:
If you do not reply within the next 48 hours, I will assume that you do not need my help anymore and this topic will be closed.

 


regards,

 

Sandra


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 14 September 2014 - 01:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft




