TDSS Trojan

Discussion in 'Computer Support' started by Scott269, Nov 1, 2008.

  1. Scott269

    Scott269 Guest

    Ok, so my father, ugh, running XP Home Edition, recently clicked
    "Remove" on a "Do you want to remove spyware from your computer??"
    popup and was infected with xp-antispyware 2009. *groan* .

    Anyways, I got him Malwarebytes Anti-Malware installed and scanned and
    removed the nasty stuff. Only problem is one was left, Trojan-TDSS.
    I tried the usual stuff of boooting into SafeMode and running the
    scanner there and it again found it and claimed to remove it but it
    came right back. I did a registry search and found a couple instances
    of it in a registry directory called TDSSSYS.SYS and proceeded to
    delete them. But, after every reboot they came back and Malwarebytes
    continued to find the trojan and "remove" it without actually fully
    removing it. Seems to block me from doing a system restore also, I
    gave that a try and after selecting the date and clicking Next,
    nothing happens, it just sits there. I'm not near the computer right
    now so I can't post a HijackThis log at the moment. Any suggestions
    on something that will remove this bastard?
     
    Scott269, Nov 1, 2008
    #1
    1. Advertising

  2. Scott269

    chuckcar Guest

    Scott269 <> wrote in
    news::

    > Ok, so my father, ugh, running XP Home Edition, recently clicked
    > "Remove" on a "Do you want to remove spyware from your computer??"
    > popup and was infected with xp-antispyware 2009. *groan* .
    >
    > Anyways, I got him Malwarebytes Anti-Malware installed and scanned and
    > removed the nasty stuff. Only problem is one was left, Trojan-TDSS.
    > I tried the usual stuff of boooting into SafeMode and running the
    > scanner there and it again found it and claimed to remove it but it
    > came right back. I did a registry search and found a couple instances
    > of it in a registry directory called TDSSSYS.SYS and proceeded to
    > delete them. But, after every reboot they came back and Malwarebytes
    > continued to find the trojan and "remove" it without actually fully
    > removing it. Seems to block me from doing a system restore also, I
    > gave that a try and after selecting the date and clicking Next,
    > nothing happens, it just sits there. I'm not near the computer right
    > now so I can't post a HijackThis log at the moment. Any suggestions
    > on something that will remove this bastard?
    >

    Searching for the fix on Symantec's website. A *lot* of malware has to be
    removed in an *exact* manner. Most likely you missed a registry hook and
    it "repaired" itself on reboot.

    --
    (setq (chuck nil) car(chuck) )
     
    chuckcar, Nov 1, 2008
    #2
    1. Advertising

  3. Scott269

    Guest

    Scott269 <> wrote:

    > I did a registry search and found a couple instances
    >of it in a registry directory called TDSSSYS.SYS and proceeded to
    >delete them. But, after every reboot they came back and Malwarebytes
    >continued to find the trojan and "remove" it without actually fully
    >removing it.


    Your deleting the child not the parent program.
    Use hijackthis

    Go here http://hijackthis.de/en download
    http://download.hijackthis.eu/HJTInstall.exe

    No need to install, just run it; Scan, save log, copy then, paste the
    log file into http://hijackthis.de/en click analyze. Google first of
    course, but Red should be deleted and yellow researched.

    And whatever it is could be in your restore points. so turn restore
    off.

    Also you can find your problem with Process Explorer, by double
    clicking on the program, read it's image, delete it's source.
    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    Autoruns is also good for just turning off malware, instead of
    removing it, found from the same site as Process Explorer

    --

    Octopus wreaks havoc
    http://tinyurl.com/5a879m
     
    , Nov 1, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joel Rubin
    Replies:
    2
    Views:
    709
  2. Tommy McClure

    Re: Trojan Agent TDSS

    Tommy McClure, Oct 23, 2008, in forum: Computer Support
    Replies:
    1
    Views:
    1,714
    Tommy McClure
    Oct 23, 2008
  3. Re: Trojan Agent TDSS

    , Oct 23, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    541
  4. Tommy McClure

    Re: Trojan Agent TDSS

    Tommy McClure, Oct 23, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    641
    Tommy McClure
    Oct 23, 2008
  5. dfinc
    Replies:
    2
    Views:
    591
    dfinc
    Aug 6, 2009
Loading...

Share This Page