
Need help trying to Remove Rootkit.tdss tonight


drock13


I will be working on it tonight around 5:30 Eastern for a little bit and then again around 10 PM Eastern.

I had a run-in with Windows Police Pro + more I assume this weekend. I've somehow managed to clean up and fix most of the issues, or so I thought. When I ran Malwarebytes this morning before I left for work I was surprised to still find some infections. I can post the log file when I get home but was wondering what my first step should be:

Here are the 5 infections it found... I printed the log file this morning.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkytecidmce (rootkit.tdss)-> No action taken

Files infected:

C:\Windows\System32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.IE5\VXE2untb\W[1].bin (Backdoor.bot) -> No Action Taken

C:\Windows\System32\certstore.dat (Trojan.agent) -> No Action Taken

C:\Windows\System32\gasfkyhebjnrnu.dat (rootkit.tdss)-> No action taken

C:\Windows\System32\gasfkyougyhtve.dat (rootkit.tdss)-> No action taken

It was rebooting when I left after trying to remove these.


  • Root Admin

You did not tell MBAM to fix the issues. Please follow the EXACT instructions below. Thanks.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must right-click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.
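
The reply above rests on the "No action taken" status next to every detection in the posted results. As an added example (not part of the original thread and not Malwarebytes code), this Python sketch parses log lines in the format shown in the first post and lists the detections still awaiting removal; the function names and the tolerance for a trailing period are assumptions.

```python
import re

# Detections exactly as listed in the first post of this thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkytecidmce (rootkit.tdss)-> No action taken

Files infected:
C:\Windows\System32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.IE5\VXE2untb\W[1].bin (Backdoor.bot) -> No Action Taken
C:\Windows\System32\certstore.dat (Trojan.agent) -> No Action Taken
C:\Windows\System32\gasfkyhebjnrnu.dat (rootkit.tdss)-> No action taken
C:\Windows\System32\gasfkyougyhtve.dat (rootkit.tdss)-> No action taken
"""

# "<object> (<detection>) -> <action>"; spacing around "->" varies in the post,
# and a trailing period on the action is tolerated (assumption).
ENTRY = re.compile(r"^(?P<obj>.+?)\s*\((?P<name>[^()]+)\)\s*->\s*(?P<action>.+?)\.?\s*$")
# Section headers such as "Registry Keys Infected:" and "Files infected:".
SECTION = re.compile(r"^(?P<title>[A-Za-z ]+?)\s+infected:", re.IGNORECASE)

def parse_mbam_log(text):
    """Return one dict per detection: section, object, detection name, action."""
    section, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:
            section = head.group("title").strip().lower()
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({"section": section, "object": m.group("obj"),
                            "detection": m.group("name"), "action": m.group("action")})
    return entries

def unremediated(entries):
    """Detections the scanner reported but did not act on."""
    return [e for e in entries if e["action"].lower() == "no action taken"]

def summarize(entries):
    """Return (total detections, pending detections, sorted pending families)."""
    pending = unremediated(entries)
    families = sorted({e["detection"].lower() for e in pending})
    return len(entries), len(pending), families

if __name__ == "__main__":
    total, pending, families = summarize(parse_mbam_log(SAMPLE_LOG))
    print(f"{pending} of {total} detections not removed: {', '.join(families)}")
```
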

This topic is now closed to further replies.