Removing Trojan.TDSS

Lenovo Thinkpad t61
August 30, 2009 at 01:15:05
Specs: Windows XP SP3
Hi, I just scanned my laptop with
Malwarebytes and it found a couple of Trojans
and it told me it was necessary to restart in
order to completely remove them. After it
restarted I scanned it again and it found one
remaining Trojan (Trojan.TDSS) and I had to
restart again. I rescanned and restarted about
5 times but Malwarebytes keeps finding it. I
also scanned with Spybot Search and Destroy
but it didn't find anything after the second
search. So I want to know how to remove this
last Trojan.

See More: Removing Trojan.TDSS

Report •


#1
August 30, 2009 at 14:01:44
Try this goto device manager >> view >> show hidden >> and scroll to TDSSserver.sys or anything that starts TDSS and disable , DO not delete as it will put it's self back on again , then re-scan with MBAM .

Report •

#2
August 30, 2009 at 19:13:56
I tried that but I don't see anything that starts with TDSS. There's a yellow exclamation point next to something that says Parport though does that mean anything? I tried to remove it manually from the Registry (its called SKYNETalxjnawv) but it just keeps saying "unable to delete all specified values".

I downloaded CCleaner to clean out my registry but Malwarebytes is still detecting the Trojan. I am at a complete lost at what to do and its's been 3 days since I've had it.


Report •

#3
August 30, 2009 at 23:31:21
@ Hertinas

I went to the site but when I click on the links it doesn't open them.


Report •

Related Solutions

#4
August 31, 2009 at 04:21:56
OK try this d\l Process Explorer open and look for a process called skynet , right click it and kill process then scan again with Malwarebyte's Antimalware , and let us know how you got on .

http://majorgeeks.com/Process_Explo...


Report •

#5
August 31, 2009 at 10:59:26
Hello noir98 , Update I have just dealt with another case of SKYNET on another forum , A change of AV to Avast free did the trick .


http://www.avast.com/eng/avast_4_ho...

Good luck


Report •

#6
August 31, 2009 at 14:05:29
I looked for the Skynet file in the Process Explorer but it wasn't there. I downloaded Avast last night and scanned my laptop. It found 2 infected file and suggested moving them to the chest which is what I did. I scanned with mbam again and it found the virus again but instead of being called "Trojan.TDSS" it said "Rookit.TDSS" but it is still has the same file name. Mbam still
cannot remove it though. Avast wasn't running properly so I deleted it and redownloaded it. I am currently scanning so I will let you know if I was able to remove the virus.

Report •

#7
August 31, 2009 at 15:55:01
I scanned with Avast twice and it hasn't found anything but Malwarebytes is still finding the rookit.

Report •

#8
August 31, 2009 at 17:20:17
Well this a different problem , Try the easy ways first .

http://www.sophos.com/products/free...

Or this fully working evaluation copy ,

http://greatis.com/unhackme/downloa...

As I say there is the hard way but give these a try first and after that run MBAM again and post the log here .

..........


Report •

#9
August 31, 2009 at 17:34:58
I forgot to mention with Avast you can schedule a boot time scan this will scan the system before it actually loads , Dealing with the malware before it wakes up so to speak .
You'll find this in options .

Report •

#10
August 31, 2009 at 19:38:06
Thank you very much for all your help! I think my laptop is fixed now. I just scanned with Malwarebytes and it finally came out clean. If I have any more problems I'll be sure to ask. Thanks again.

Report •

#11
September 1, 2009 at 02:48:47
Thank you for getting back to us , your feed back will help others .

Report •


Ask Question