Hi there! I'm SongCloud and I'd be happy to help you get rid of this infection. Please note that I am a volunteer and may not respond immediately to questions.
There may be infected files on your machine and due to the nature of the TDSS rootkit, they may be hidden from Norton and other scanners.
Please review all of my instructions first and ensure that all of the requested files are downloaded before beginning. If you have any questions or are unsure of any of my instructions, please ask me before proceeding.
First of all, please terminate Norton's on-access or real-time scanner before beginning these instructions, as it will interfere with the programs we will be using. Also exit or stop SpyDoctor to ensure it will not conflict with our scans.
To begin with, download RKill from here: http://download.bleepingcomputer.co... and save it to your desktop.
Right click on the RKill icon and click "Run as Administrator". Click yes to the UAC prompt. Allow RKill to run and it will kill any currently running malware. Once it is done, it will open a log called RKill.log which should also be saved to C:\Rkill.log. Please copy/paste the contents of this log into your next reply.
Next download TDSSKiller from http://support.kaspersky.com/downlo... and save it to your desktop. Right click on TDSSKiller and select Run as Administrator. When the program opens, click on "Change Parameters" and check the box for "Verify driver digital signatures" and also the box for "Detect TDLFS file system". Click OK and start scan.
**IMPORTANT** DO NOT CLEAN ANY DETECTIONS THAT ARE FOUND YET.
Once the scan is done, select "Skip" as the action for any suspect files. If the TDSS infection is found or the TDLFS file system is found, these can be cleaned and a reboot will be needed. The scan/cleaning will place a log file in the root of the C: drive; please attach it to your reply.
Next download aswMBR from http://public.avast.com/~gmerek/asw... and save it to your desktop. Right click on the downloaded file and select "Run as Administrator". Once it is running, select No at the prompt to download the Avast! virus definitions. Click on the scan button and allow the program to scan for bootkit/rootkit infections. DO NOT ATTEMPT TO CLEAN ANY SUSPECT OR INFECTED FILES AT THIS TIME. Click on the button labeled "Save log" and save the log to your desktop. Please include this log in your next reply.
Finally, download OldTimer's List it from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop. Right click on the downloaded file and select "Run as Administrator". When the program is running, check the boxes for "LOP check" and "Purity Check". If you have a 64-bit machine, be sure that the box at the top labeled "Include 64bit Scans" is checked. Now click on the Run Scan button. Allow the program to scan. When it is complete, it will open up 2 log files named Extras.txt and OTL.txt; both will be saved to your desktop. Please cut and paste these into your reply.
Once you have run these scans, please copy/paste the contents of the requested logs in your reply back here. There should be 5 total logs. (The RKill log, the TDSSKiller log, the aswMBR log, OTL.txt and Extras.txt.) I will review the logs and will let you know what we need to do next.
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +