TDSS.d!mem detected but not deleted by McAfee

July 30, 2011 at 09:24:17
Specs: Windows XP Media Center Edition, Pentium 4/1.0 Gb
The Full Path is listed as SUSP_IRP_MJ_CREATE, but this means nothing to me. How can I delete/defeat this trojan?

See More: TDSS.d!mem detected but not deleted by McAfee

July 30, 2011 at 12:11:33

Please download aswMBR:
Save it to the Desktop.

XP users - Double-click aswMBR.exe to start the tool.
Vista/Windows 7 users - Right-click and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop,
Note - Do NOT attempt any fix anything!!.

Please post the log produced by aswMBR in your next reply.

You will notice that another file is created on the Desktop. It is named MBR.dat.

If you have a USB flash drive, please move the mbr.dat file to it.
If not, move the mbr.dat from the Desktop, to the C:\ drive.

This is important, just in case we need to have access to the MBR information!!

Next, download TDSSKiller

Execute TDSSKiller.exe by double-clicking on it.

Click: ‘Start Scan’

If Malicious objects are found, DO NOT allow the tool to Cure.
Click the arrow next to 'Cure' and select Skip
We need to see the report first, as it may show false detections!!

Click Continue.

When the tool is done, a log is produced at the root drive which is typically C:\
For example, C:\TDSSKiller.

Also post the TDSSKiller log in your reply.

Retired - Doin' Dis, Dat, and slapping malware.

Report •
Related Solutions

Ask Question