TechSpot

Rootkit.tdss infection

By rastaman
Oct 9, 2009
  1. I seem to have been infected by the above-mentioned rootkit. Can't seem to get it removed by MBAM or SAS. I also tried using the tdsskiller by Kaspersky but to no avail. I initially became aware of this after getting the TotalSecurity malware. MBAM was able to remove that but fails on the TDSS. It claims it was removed but returns after a reboot. Below are my logs; can't seem to get the SAS log up. Thanks in advance
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    What version of Windows are you running? Remove AVG and install and run Avast free antivirus. See what it finds
     
  3. rastaman

    rastaman TS Rookie Topic Starter Posts: 21

    It's a 2k3 box, I will try Avast and post the results shortly
     
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Ok thanks, I hadn't seen that OS abbreviation in the HijackThis log... Windows 2000 SP3. Good luck :)
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is a line in MBAM that you check for removal of what it finds. When the log has No action taken, it means you didn't check it. Update, check the line and rescan.

    Are you doing specialized work with the terminal service Client? Maybe related to PMSI?

    I don't know if this will work, but give it a try:

    Go to Start > Run and type cmd
    A DOS window will appear.
    Type next in the DOS window: netsh winsock reset catalog
    Hit Enter.

    Reboot and post a fresh HJT log.

    You might want to hold off on changing the AV. You have other issues that need to be resolved.
     
Topic Status:
Not open for further replies.
