Another Issue with TDSS

Discussion in 'Malware Help (A Specialist Will Reply)' started by annecliffyf, Apr 9, 2009.

  1. annecliffyf

    annecliffyf Private E-2

    hi there,

    I am having serious issues removing TDSS from my computer. Spybot Search and Destroy detects that I have it and claims to remove it, but it keeps reappearing when I do additional scans.

    At this point, I went ahead and installed ComboFix, thinking perhaps that might work, but the virus [at least I think it's the virus] has revoked my administrative privileges!! Even weirder, I can't even go into "safe mode" because the computer rejects my user name and password... I know they are correct when I enter them, so it's the strangest thing. I am able to log on using that exact user name and password when I start the computer normally, so it is all very odd that it won't log me on in safe mode...

    I ran the HijackThis program, and here is the file it returned:




    I truly appreciate the help! I usually consider myself somewhat proficient at computers, but this virus really has me stumped!!! And I'm starting to freak out about not having admin privileges... I can't even do a system restore at this point.

    thanks so much.
     

    Attached Files: log.txt (File size: 18.5 KB, Views: 3)
    Last edited by a moderator: Apr 11, 2009
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Curious as to this line:

    O4 - HKLM\..\Run: [RRT-Auto] C:\DOCUME~1\af6uw\LOCALS~1\Temp\Rar$EX02.438\RRT.exe auto

    Can you upload that file to http://www.virustotal.com/ ?

    If you reboot, do the Spybot lines go away or stay in the HJT logs?

    Also, does anything at all from the read me install, besides HijackThis?
     
  3. annecliffyf

    annecliffyf Private E-2

    Hi there Corporal Punishment,

    To update you on my situation, I decided to reformat my hard drive. In the process of doing so, I discovered that whatever virus I have has revoked ALL of my administrative rights. As I was trying to reload Windows XP, I kept getting the blue screen, informing me that my system had been shut down to prevent serious damage. I spoke with the people at Dell, and they wanted me to do things like a system restore... unfortunately, because I had lost all admin rights, I found I was unable to do any of it.

    Luckily, I am still under warranty... so after talking to them for nearly 3 hours (sigh), they have finally agreed to replace the hard drive.

    Thanks for the help, though. Do you have any antiviral programs you would recommend? Because the viruses I got this time around were really nightmarish... and I was running Sophos at the time.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No single program provides all the protection required. You need an antivirus, a realtime anti-malware blocker, and a real bi-directional firewall which Windows does not provide. In addition, no protection software will protect you from you. Safe surfing habits and other security related steps need to be taken. See: How to Protect yourself from malware!

    By the way, the infection you had is cleaned many times per week using our cleaning procedures (see the sticky threads in the forum) and then we finish it off with some additional manual steps.
     
