luma Posted November 10, 2009 ID:156120
Just got hit with a Rootkit.TDSS virus and it appears to be a monster. XP safe mode had been disabled and my system boots all the way to the desktop and then after 5 seconds nothing is clickable. I removed the compromised hard drive and scanned it in my other system where MBAM was able to find and clean 3 instances of Rootkit.TDSS. Unfortunately that didn't appear to do the trick. I am thinking that I need to run Combofix but I cannot find the download anywhere at the moment.
Any help would be greatly appreciated. I've got nothing to do today but fix my system so whoever chooses to work with me will get very fast replies on everything.
Thanks.
prairie dog Posted November 10, 2009 ID:156123
Hello Luma, and welcome to Malwarebytes.org
We don't work on Malware removal in the general forums. Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.
Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
luma Posted November 10, 2009 Author ID:156125
Thanks - will do.
prairie dog Posted November 10, 2009 ID:156127
You're welcome.
The forum is busy so just a reminder that it might take up to 48 hours to get a response. Hope you get everything sorted out.
luma Posted November 10, 2009 Author ID:156129
Thanks. I hope so too.
extremeboy Posted November 10, 2009 ID:156158
TDSSserv is a well known rootkit.
Due to the fact it's a rootkit I suggest you take the steps below to help keep your security information safe.
Disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
If possible it would be best if you can use another computer to do all of this and to see if anyone replies to your topic from a clean system.
~Extremeboy