malwarebytes keeps finding rootkit.tdss after removing it

I was infected with the XP 2011 recovery virus, and after removing and correcting all other issues Malwarebytes keeps finding Rootkit.TDSS. It supposedly removes it, but after a rescan it finds it again in the following location:

c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq2e0.tmp

Below is the Malwarebytes log:

Malwarebytes' Anti-Malware


Database version: 6740

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/5/2011 12:21:24 PM

mbam-log-2011-06-05 (12-21-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 436067

Time elapsed: 1 hour(s), 30 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq2e0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

I'm also running Symantec, and it also finds it in its autoscan and calls it Backdoor.Tidserv.


Greetings :)

That file appears to be in Symantec's quarantine. If you open Symantec and have it delete the quarantined files, Malwarebytes should no longer detect it. If it does, then it's possible that the infection is respawning itself in which case you should do the following:

We don't work on malware removal in this part of the forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)


This topic is now closed to further replies.
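
The point made in the reply above, that a detection inside another product's quarantine folder is a different case from a detection on a live path, can be checked mechanically. The following Python sketch is an added example, not part of the original thread and not Malwarebytes' own tooling; the second sample log line and the rule "any parent directory named quarantine" are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Detection lines in the log look like:
#   <path> (<detection name>) -> <action taken>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$",
    re.MULTILINE,
)

# Constructed sample: the first detection line is the one quoted in the
# thread, the second is invented to show the contrasting case.
SAMPLE_LOG = r"""Scan type: Full scan (C:\|)
Files Infected:
c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq2e0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\example.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""


def in_quarantine_store(path):
    """Heuristic (assumption): some parent directory is named 'quarantine'."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "quarantine" in parts[:-1]


def triage(log_text):
    """Return (path, detection name, verdict) for every detection line."""
    results = []
    for m in DETECTION.finditer(log_text):
        if in_quarantine_store(m["path"]):
            verdict = "av-quarantine"  # stored copy held by another scanner
        else:
            verdict = "live-path"      # file in a normal location
        results.append((m["path"], m["name"], verdict))
    return results


if __name__ == "__main__":
    for path, name, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:14} {name:14} {path}")
```

A detection that keeps returning with the "av-quarantine" verdict matches the situation described in the reply; one that keeps returning on a "live-path" is the case the reply refers to the malware removal forum.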