TDSS Issue

I'm trying to clean a PC infected with the TDSS and probably more... I've disabled the TDSS in devmgmt, rebooted, renamed the mbam-setup.exe to setup.exe and installed it... The install comes to the finished screen, I click the finish button and it goes away, but down in the task bar the Setup tab stays down there... In the process list it shows both setup.tmp and setup.exe as running with no CPU and only a couple MB of RAM...

If I go to the programs list, it shows MB as being installed and if I try to open it, I get the hourglass but no windows open up... Looking at the tasklist again I see that MBAM.exe is running, but only using 2232KB of memory... After a few minutes it will just disappear from the list without even a flicker on the screen... I do see that there is an entry in the HJT log to run MBAMgui.exe in the runonce though...

BTW This computer is running XP Home SP3, CA Anti-virus plus Spyware and Windows Defender as well...

Any ideas??


First off let me apologize for posting in the wrong forum, I had several posts open in different tabs and brain farted I guess (no idea if this warrants being moved or just deleted now)...

Anyways, here's an update... I tried reinstalling, renaming and rebooting several times and nothing worked so I uninstalled mbam, ran HJT and everything that was listed should have been there, verified that TDSServer wasn't listed anymore and rebooted... Tried to install mbam as soon as it came up and the same thing happened again... Once again I ran HJT and all was clean, but when I went to devmgmt the TDSServer was back!!

So this time I uninstalled mbam again and rebooted... Then I disabled the TDSServer, rebooted and reinstalled mbam (which was already renamed setup.exe) and it is currently scanning after a successful update... no idea how or why it got buggered up in the first place... But it's only about another half hour till the dark side of the force will feel a disturbance in the force as another comrade dies :)

Here's a neat point of interest, neither the CA software nor the Windows Defender found anything before... Now with the MB running and reporting 6 infections already, both the CA and WD are reporting issues as well... Does anyone know if this is just a simple "the TDSServer got in and cloaked everything" or do these programs have the ability to piggyback other programs?? This isn't the first time I've seen this type of behavior...


This topic is now closed to further replies.