Jump to content

MBAM Found rootkit.tdss.gen


Recommended Posts

Okay, I am a little worried, so I decided to ask an expert. The other day I allowed a fake jave update to install on my computer, even though my AV wanted to block it (I thought it was a false positive). But I usually don't do those updates and I started questioning it so when Windows Vista asked me if I allowed it, I hit cancel. Anyway, a few hours later I noticed that anytime I would click on google search result links I was redirected to different sites or attack pages. I think Firefox blocked most if not all the attack pages. Anyway, once I realized I had a virus I tried running Malwarebytes, but it ran really, really slow. I started up my other laptop so that I could search the internet to see what was going on and what I should do. Well, my 2nd laptop was running slower than usually and just sitting there when trying to load pages. Both computers share the same router. So, what I decided to do was restart the infected computer (1st computer) in safe mode and then I ran Malwarebytes.

MBAM found rootkit.tdss.gen.

That's all it found. I quarantined it and then restarted and now both computers seem to be working normally. My concern is I've read that these rootkits are dangerous and some people recommend reformatting. Some people say even reformatting doesn't totally get rid of this threat. I really don't know anything about rootkits, so I am wondering if there could still be hidden threats on either of my computers or could my router be compromised? I've ran my AV's and MBAM again and they don't find anything. Is there anything more I should do? Should I reformat the 1st computer? Nothing was ever found on my 2nd computer. Should I do something to my router? I do online banking. Should I be concerned about my identity or personal information being compromised or am I okay?

BTW 2nd computer uses Windows XP.

Thank you for your help in advance.

Nick

Link to post
Share on other sites

Hi Nick and Welcome to Malwarebytes Forum!

We'll look at both computers, but one at a time.

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Link to post
Share on other sites

Thank you so much for your help!

I'm leaning toward a reformat, should I still post logs. Would you recommend a reformat? I want to do what will leave me most secure in the end because I do online banking. Is there any chance that I could still be infected after a reformat? Both computers are still running completely normal. Should I also reformat my 2nd computer? Is there something I should do to my router?

Thanks,

Nick

Link to post
Share on other sites

The safest way is to reformat and Router Reset before you reformat. See below:

Router Reset

  • Please read this: Malware Silently Alters Wireless Router Settings
  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords
  • Then rest your router to it's factory default settings:
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)

Let me know you need any more help.... :D

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.