
Thread: Removal of Rootkit TDss

  1. #1
    Code-Red
    Guest

    Removal of Rootkit TDss


    I've read several other threads where the OP was in the same situation
    but haven't found answers that are applicable or detailed enough to
    assist me. I'm computer capable and experienced but in no way a guru and
    might have to be walked through a few things...

    As for my situation, it's my father-in-law's laptop; its OS is XP. He let
    his younger daughters get on his laptop and they casually frequent
    websites filled with potential risks. When I got the computer I just
    assumed it was your regular group of malware and such, but after removing
    what I believed was all of the evil-doers I was left with a
    Win32.Trojan.TDss process and its companion file in rootkit form.

    I used Malwarebytes and Microsoft Security Essentials to remove all of
    the other stuff that came along with this rootkit trojan, but I'm at a
    loss as to how to proceed in removing this bug. I don't want to mess around
    trying to get rid of it and end up making things worse.

    I didn't want to, but for testing purposes I tested the virus out a bit.
    I can't download new or update any virus/malware removal software, and the
    one time I tried to remove the virus, upon restart I got a blue screen
    that went by very fast; all I can make out is system32, which I assume
    is when it is re-loading itself.

    Sorry for the long-winded post, just trying to be as detailed as
    possible; any help and advice would be deeply appreciated...


    --
    Code-Red
    ------------------------------------------------------------------------
    Code-Red's Profile: http://forums.techarena.in/members/164302.htm
    View this thread: http://forums.techarena.in/virus-spyware/1282861.htm

    http://forums.techarena.in


  2. #2
    darfun
    Guest

    Re: Removal of Rootkit TDss


  3. #3
    Code-Red
    Guest

    Re: Removal of Rootkit TDss


    Thx for the reply. Went to try your solution but the drivers are not
    showing up. Yes, options were selected to show hidden devices/files.

    From what I can tell the AV thinks that the rootkit file is at

    C:\WINDOWS\system32\drivers\UACxctrkcvkqlxmydc.sys

    which I can't locate, and that the trojan application is located at

    \\?\globalroot\systemroot\system32\uacoquoyxxnkgijfrb.dll

    so I'm still kinda stuck...


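    The two paths in the post above are exactly what a kernel-mode rootkit hides from the running OS: Explorer and Device Manager ask the kernel, and the hooked kernel leaves the files out of the answer, while a view of the disk taken from outside Windows cannot be filtered. As an added example that is not part of the thread, the POSIX shell script below compares a directory listing taken on the live XP box with one taken from a Linux live CD with the disk mounted read-only, and flags the leftovers that follow the uac* naming shown in the post. The listing formats, the /mnt/win mount point and the prefixes are assumptions for illustration, and the listings in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Cross-view check for files a kernel-mode
# rootkit hides from the running OS. Inputs are two plain-text listings of the
# same tree:
#   live.txt    taken on the running (infected) XP box, e.g.
#               dir /s /b C:\WINDOWS\system32 > live.txt
#   offline.txt taken from a live CD with the disk mounted read-only, e.g.
#               find /mnt/win/WINDOWS/system32 -type f > offline.txt
# The rootkit filters the live view; it cannot filter the offline one, so
# anything present only offline is a hidden-file candidate.
LC_ALL=C; export LC_ALL

# normalize_listing FILE PREFIX: strip CRs, fold backslashes to slashes and
# upper to lower case, drop PREFIX (e.g. 'C:\WINDOWS\' or '/mnt/win/WINDOWS/'),
# and emit a sorted, de-duplicated list of relative paths.
normalize_listing() {
    pfx=$(printf '%s' "$2" | tr '\\' '/' | tr 'A-Z' 'a-z')
    tr -d '\r' < "$1" \
      | tr '\\' '/' \
      | tr 'A-Z' 'a-z' \
      | sed "s|^${pfx}||; s|^/||" \
      | grep -v '^$' \
      | sort -u
}

# hidden_files LIVE LIVE_PREFIX OFFLINE OFFLINE_PREFIX: paths present in the
# offline listing that the live listing lacks.
hidden_files() {
    live_n=$(mktemp); off_n=$(mktemp)
    normalize_listing "$1" "$2" > "$live_n"
    normalize_listing "$3" "$4" > "$off_n"
    comm -13 "$live_n" "$off_n"
    rm -f "$live_n" "$off_n"
}

# flag_tdss_names: keep only candidates whose names follow the pattern in the
# post (uac + random letters, .sys under drivers\ or .dll in system32).
flag_tdss_names() {
    grep -Ei '(^|/)uac[a-z]{6,}\.(sys|dll)$' || true
}

# demo: constructed listings (not real output from the laptop in the thread).
demo() {
    d=$(mktemp -d)
    # Live view, CRLF as dir writes it; the rootkit's own pair is absent.
    printf '%s\r\n' \
      'C:\WINDOWS\system32\drivers\ntfs.sys' \
      'C:\WINDOWS\system32\drivers\atapi.sys' \
      'C:\WINDOWS\system32\kernel32.dll' \
      'C:\WINDOWS\system32\user32.dll' > "$d/live.txt"
    # Offline view from the live CD: the hidden driver and DLL are on disk.
    printf '%s\n' \
      '/mnt/win/WINDOWS/system32/drivers/ntfs.sys' \
      '/mnt/win/WINDOWS/system32/drivers/atapi.sys' \
      '/mnt/win/WINDOWS/system32/drivers/UACxctrkcvkqlxmydc.sys' \
      '/mnt/win/WINDOWS/system32/kernel32.dll' \
      '/mnt/win/WINDOWS/system32/user32.dll' \
      '/mnt/win/WINDOWS/system32/uacoquoyxxnkgijfrb.dll' > "$d/offline.txt"
    hidden_files "$d/live.txt" 'C:\WINDOWS\' "$d/offline.txt" '/mnt/win/WINDOWS/' \
      | flag_tdss_names
    rm -rf "$d"
}
```

    Run demo to see the two hidden entries; on a real box the live listing has to be taken before the live CD boot, and everything hidden_files prints deserves a look, not just the names flag_tdss_names recognises.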


  4. #4
    Regis
    Guest

    Re: Removal of Rootkit TDss

    Code-Red <Code-Red.439oza@DoNotSpam.com> writes:
    > I've read several other threads where the OP was in the same situation
    > but haven't found answers that are applicable or detailed enough to
    > assist me. I'm computer capable and experienced but in no way a guru and
    > might have to be walked through a few things...
    >
    > As for my situation, it's my father-in-law's laptop; its OS is XP. He let
    > his younger daughters get on his laptop and they casually frequent
    > websites filled with potential risks. When I got the computer I just
    > assumed it was your regular group of malware and such, but after removing
    > what I believed was all of the evil-doers I was left with a
    > Win32.Trojan.TDss process and its companion file in rootkit form.


    First, this is not a firewall question, so it's off-topic for this
    group.
    24hoursupport.helpdesk
    alt.comp.virus
    alt.comp.anti-virus
    microsoft.public.security.virus
    microsoft.public.windowsxp.help_and_support

    all would be more appropriate choices.

    Rootkit? Oy.

    > I used Malwarebytes and Microsoft Security Essentials to remove all of
    > the other stuff that came along with this rootkit trojan, but I'm at a
    > loss as to how to proceed in removing this bug. I don't want to mess around
    > trying to get rid of it and end up making things worse.


    Back up data using a bootable live CD like sysrescuecd, flatten (fdisk,
    remove partition, add partition, reformat) and reinstall the operating
    system (from optical media if at all possible).

    Anything short of that is just pissing in the wind.
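    Regis's advice above, worked through as an added example that is not code from the thread: the data-rescue step of the flatten-and-reinstall, done from a Linux live CD with the XP partition mounted read-only. The script copies only document-type files out of the profiles under "Documents and Settings", leaves behind executable and auto-launching types that could carry the infection back onto the rebuilt machine, and writes a SHA-256 manifest so the copy can be verified before the disk is wiped. The /mnt/win mount point and the profile layout are assumptions, and the sample profile in demo() is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Rescue user data from a live CD before
# the disk is flattened. Assumes the XP partition is mounted read-only, e.g.
#   mount -o ro /dev/sda1 /mnt/win
# and the profiles sit under "/mnt/win/Documents and Settings" (XP layout).
set -u
LC_ALL=C; export LC_ALL

# Types that can carry the infection back when restored: nothing runnable or
# auto-launching is rescued, only documents, media, mail stores and the like.
EXCLUDE_EXT='exe|dll|sys|scr|com|pif|bat|cmd|vbs|js|lnk|tmp'

# list_rescue_files ROOT: files under ROOT worth keeping, relative to ROOT,
# one per line, sorted, with the excluded extensions dropped (case-insensitive).
list_rescue_files() {
    (cd "$1" && find . -type f | sed 's|^\./||' | sort) \
      | grep -Eiv "\.(${EXCLUDE_EXT})$" || true
}

# backup_userdata ROOT DEST: write DEST/rescue.tar holding the rescue set and
# DEST/rescue.sha256 with a hash of every file, computed from the source disk.
# Prints the number of files rescued.
backup_userdata() {
    root=$1; dest=$2
    mkdir -p "$dest"
    list=$(mktemp)
    list_rescue_files "$root" > "$list"
    (cd "$root" && tar -cf - -T "$list") > "$dest/rescue.tar"
    (cd "$root" && while IFS= read -r f; do sha256sum "$f"; done < "$list") \
      > "$dest/rescue.sha256"
    rm -f "$list"
    wc -l < "$dest/rescue.sha256" | tr -d ' '
}

# verify_backup DEST SCRATCH: unpack the archive into SCRATCH and check every
# hash against the manifest. Succeeds only if all files match; run it before
# wiping the disk, and scan SCRATCH with an up-to-date AV before restoring.
verify_backup() {
    dest=$1; scratch=$2
    mkdir -p "$scratch"
    (cd "$scratch" && tar -xf "$dest/rescue.tar") &&
    (cd "$scratch" && sha256sum -c "$dest/rescue.sha256" > /dev/null)
}

# demo: constructed sample profile (not data from the laptop in the thread).
# Two documents to keep, plus an .exe and a .lnk of the sort a dropper leaves
# behind, which must stay on the doomed disk.
demo() {
    work=$(mktemp -d)
    prof="$work/win/Documents and Settings/dad"
    mkdir -p "$prof/My Documents" "$prof/Local Settings/Temp"
    printf 'tax notes\n'   > "$prof/My Documents/taxes.txt"
    printf 'photo bytes\n' > "$prof/My Documents/holiday.jpg"
    printf 'MZ fake\n'     > "$prof/Local Settings/Temp/setup.exe"
    printf 'shortcut\n'    > "$prof/My Documents/report.lnk"
    n=$(backup_userdata "$work/win/Documents and Settings" "$work/rescue")
    if verify_backup "$work/rescue" "$work/restore"; then ok=yes; else ok=no; fi
    rescued=$(tar -tf "$work/rescue/rescue.tar" | sort | tr '\n' ' ' | sed 's/ $//')
    rm -rf "$work"
    printf '%s %s %s\n' "$n" "$ok" "$rescued"
}
```

    The manifest is hashed from the source disk rather than from the archive, so a copy that went wrong in transit (a flaky rescue USB stick, for instance) fails verification before anything is wiped. Flattening itself (fdisk, new partition, format, reinstall from optical media) is the destructive part and is deliberately not scripted here.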




  5. #5
    Code-Red
    Guest

    Re: Removal of Rootkit TDss


    Regis;4729417 wrote:
    > Code-Red <Code-Red.439oza@DoNotSpam.com> writes:
    >
    > First, this is not a firewall question, so it's off-topic for this
    > group.
    > 24hoursupport.helpdesk
    > alt.comp.virus
    > alt.comp.anti-virus
    > microsoft.public.security.virus
    > microsoft.public.windowsxp.help_and_support
    >
    >
    > Backup data using a bootable livecd like sysrescuecd, flatten (fdisk,
    > remove partition, add partition, reformat) and reinstall the operating
    > system (from optical media if at all possible).
    >
    > Anything short of that is just pissing in the wind.


    Thx for the post, but I'm pretty sure this thread was made under
    "computer safety" > "virus and spyware"; I don't see anything about being
    in the firewall group. I was thinking about doing what you suggested but
    I'm lazy lol, but I might give it a go today...




  6. #6
    Regis
    Guest

    Re: Removal of Rootkit TDss

    Code-Red <Code-Red.43amba@DoNotSpam.com> writes:
    > Regis;4729417 wrote:
    >> Code-Red <Code-Red.439oza@DoNotSpam.com> writes:
    >>
    >> First, this is not a firewall question, so it's off-topic for this
    >> group.
    >> 24hoursupport.helpdesk
    >> alt.comp.virus
    >> alt.comp.anti-virus
    >> microsoft.public.security.virus
    >> microsoft.public.windowsxp.help_and_support
    >>
    >>
    >> Backup data using a bootable livecd like sysrescuecd, flatten (fdisk,
    >> remove partition, add partition, reformat) and reinstall the operating
    >> system (from optical media if at all possible).
    >>
    >> Anything short of that is just pissing in the wind.

    >
    > Thx for the post, but I'm pretty sure this thread was made under
    > "computer safety" > "virus and spyware"; I don't see anything about being
    > in the firewall group. I was thinking about doing what you suggested but
    > I'm lazy lol, but I might give it a go today...


    The newsgroup your post has landed in is comp.security.firewalls, for
    what it's worth.

    Where did you post from? A vBulletin Usenet gateway was involved,
    but I can't tell where/which one.

    That lousy organization / mislabeling of whatever website you've
    posted from might explain why we're seeing so much spyware-related
    cruft being posted off-topic here at venerable old Usenet / NNTP.

    Philosophical angle:
    Unfortunately (or maybe fortunately), webmasters the world over have
    latched onto Usenet as a portal for free user-driven content for their
    websites, which is perhaps polluting the old-guard Usenet netiquette
    rules as badly as AOL granting newsgroup access back in the day.

    On the other hand, this might save Usenet from extinction, as web
    forums have fragmented readership and siphoned off a lot of activity
    in the past years, along with major ISPs dropping direct NNTP server
    support. It'd be interesting to see the web re-invigorate Usenet text
    discussions.