rootkit tdss

September 1, 2009 at 20:12:28
Specs: Windows XP
I appear to have a rootkit.tdss on my XP. I have run Malwarebytes... it detects and removes the problem, but on restart it is still there. Kaspersky: same thing, or no detection at all. Please help me remove this thing!



#1
September 1, 2009 at 21:32:55
Make sure that no internet connection is possible while you use those tools to remove the rootkit. Otherwise, it downloads itself again and you are back at the beginning.
Best is to start Windows in safe mode, with no internet connection, and then run e.g. Malwarebytes.

Please send a reply if you solved the problem!



#2
September 2, 2009 at 07:28:12
Still the same result. Evidently Malwarebytes is not removing it and Kaspersky does not recognize that it is there?

Same results with HijackThis. Trying another download this AM.

Will uninstalling everything and reinstalling all software help? I have a backup--will start over if need be.



#3
September 2, 2009 at 08:24:24
What does Malwarebytes' Anti-Malware report?
There are a few anti-rootkit solutions, so help us out here: perhaps you could post the MBAM log.

PS. Uninstalling software programs will not help; the rootkit is in the operating system.



#4
September 2, 2009 at 11:28:12
Malwarebytes log is:
Malwarebytes' Anti-Malware 1.40
Database version: 2723
Windows 5.1.2600 Service Pack 3

9/2/2009 2:26:23 PM
mbam-log-2009-09-02 (14-26-23).txt

Scan type: Quick Scan
Objects scanned: 95511
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmloyxvklr (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


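An added example, not part of the original thread: a small Python parser for the Malwarebytes log format posted in #4, used to flag items that are reported as deleted in more than one scan, which is the symptom described in the first post. The function names are hypothetical and the second scan is constructed for the illustration.

```python
import re
from collections import Counter

# "<object> (<threat>) -> <action>." as in the detection line of the log above.
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Detail headers end in a bare colon; summary lines ("...Infected: 1") do not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")

def parse_mbam_log(text):
    """Return (section, object, threat, action) for every detection line."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
        elif section and (m := DETECTION.match(line)):
            found.append((section, m["obj"], m["threat"], m["action"]))
    return found

def recurring(logs):
    """Objects that were reported as deleted in more than one scan."""
    seen = Counter()
    for text in logs:
        seen.update({(obj, threat) for _, obj, threat, action in parse_mbam_log(text)
                     if "deleted" in action.lower()})
    return sorted(key for key, count in seen.items() if count > 1)

# Excerpt of the log from post #4.
SCAN_1 = r"""
Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmloyxvklr (Rootkit.TDSS) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""
# Constructed: a scan after a reboot that reports the same key again.
SCAN_2 = SCAN_1

if __name__ == "__main__":
    for obj, threat in recurring([SCAN_1, SCAN_2]):
        print(f"{threat} came back after removal: {obj}")
```

An entry that keeps returning after "deleted successfully" means the scanner is only removing a registry artifact while whatever recreates it is still active.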

#5
September 2, 2009 at 13:14:51
This link below shows how to use RootRepeal:

http://www.malwarebytes.org/forums/...

You can get RootRepeal from this link:

http://rootrepeal.googlepages.com/

Remember, we are looking for kbiwkmloyxvklr.

You could try Sophos Anti-Rootkit (free):
http://www.sophos.com/products/free...

Or the fully functional evaluation copy of UnHackMe:

http://greatis.com/unhackme/downloa...

PS. If you have Spybot S&D, close TeaTimer.




#6
September 2, 2009 at 13:23:20
Had to uninstall Spybot in order to install Kaspersky, so no problem there. Thanks for the info--will run some of that and get back in a bit...
Thx.


#7
September 3, 2009 at 09:23:01
I also had Rootkit.TDSS, something about SKYNET. Malwarebytes detected it but could not remove it. I tried Spyware Doctor and it did the trick. No more problems.


#8
September 3, 2009 at 12:45:51
I seem to be clear now--did Spyware Doctor earlier and nothing showing on scan. I will keep these suggestions if I need them in the future. Thank you all for your help!
CK


#9
September 3, 2009 at 13:55:53
Thanks for getting back to us, as your feedback will help others.


