TDSS has taken over my laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by Doris53094, Jan 24, 2009.

  1. Doris53094

    Doris53094 Private E-2

    I have tried all day to go thru all the steps listed and my laptop will not let me do some of the things.

    I did update to the correct Sun Java version, ran CCleaner and fixed the view of my folders to show hidden files.

    When I got to the list under Windows XP Cleaning Procedures, that's where my laptop wouldn't do some of the things I tried to do. I dl'ed SUPERAntiSpyware, it is installed but won't run. Spybot Search & Destroy won't install at all. Malwarebytes Anti-Malware installed after I changed the .exe file name but won't open. Combofix won't run when I click the .exe icon on desktop. I did run MGtools and have a zip I have attached here. Please let me know if there is anything else I can do to get the logs you need. This TDSS is very hidden, so I can't manually delete. It has, also, disabled my System Restore. Thanks!!
     


  2. Doris53094

    Doris53094 Private E-2

    Ok, I did some searching thru the forums after this post and was I surprised! I found this thread http://forums.majorgeeks.com/showthread.php?t=177951 and it completely turned my problem around. When I disabled it, I was able to go thru all of the steps you asked us to do before we post. Guess what?! It fixed my problem! That nasty TDSS is gone. I have attached the logs so someone here can check and make sure my system is fully free of virus now. I will do a 2nd post to attach all 4 logs.
     


  3. Doris53094

    Doris53094 Private E-2

    Here is the 4th log. It won't let me attach the new log MGlogs. If you have time to check mine--great! If not, I understand because I feel the problem is fixed. I hope my posts help others with this nasty virus.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs are clean but you should do the below to correct a few minor details.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)

    After clicking Fix, exit HJT.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
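
Added example, not part of the original thread or of MGtools: the five HijackThis entries listed in the reply above all end in "(no file)" or "(file missing)", meaning the registration is still present but its target file is gone. The sketch below picks such orphaned entries out of a log; `find_orphans`, `SAMPLE_LOG`, the header line and the one entry with a file path are constructed for illustration.

```python
import re

# Section codes used in the reply above: O2 = Browser Helper Object,
# O3 = Internet Explorer toolbar, O23 = Windows service.
SECTIONS = {"O2": "BHO", "O3": "toolbar", "O23": "service"}
# Suffixes HijackThis prints when an entry's target file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"\((?P<name>[^()]+)\)\s+-\s+")  # short service name

# The five lines from the post, plus two constructed lines (a header and an
# entry whose file exists) that must NOT be flagged.
SAMPLE_LOG = r"""
Constructed sample header, not real HijackThis output
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Constructed Helper - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
"""


def find_orphans(log_text):
    """Return one dict per log line whose target file is reported missing."""
    orphans = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # header, blank line, or anything not shaped "Xn - ..."
        code, body = m.group("code"), m.group("body")
        marker = next((k for k in ORPHAN_MARKERS if body.endswith(k)), None)
        if marker is None:
            continue  # file is present: needs human review, not auto-flagging
        clsid = CLSID_RE.search(body)
        svc = SERVICE_RE.search(body) if code == "O23" else None
        ident = clsid.group(0) if clsid else (svc.group("name") if svc else None)
        orphans.append({"section": code, "kind": SECTIONS.get(code, "other"),
                        "id": ident, "marker": marker})
    return orphans


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print(entry)
```

An entry that still points at a file on disk is deliberately left out of the result, since whether it is legitimate is a judgement the log line alone cannot settle.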
     
