Author Topic: [Inactive] Infected With TDSS Rootkit  (Read 34555 times)


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #75 on: June 15, 2011, 05:44:07 pm »
Uninstalled Fuji, installed HP... All good.
Msconfig... no luck.

Ran autoruns... was able to uncheck all in services except one avast and two online armor lines. Got error message, "Error changing items state: access is denied". Was able to uncheck all in logon. Checked all again the way they were. Did not go any further.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #76 on: June 15, 2011, 06:03:48 pm »
Go ahead and try it that way. Some security software will not let anything terminate it, or change any of its entries. If the computer still runs poorly with those checked and the rest unchecked, then we will have to terminate them another way.

Let me know how that works for you.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #77 on: June 16, 2011, 06:45:53 pm »
Unchecked all but the three and restarted twice. Except for the fact that the end of the login was a little shorter because it wasn't loading all the stuff it normally would, the rest was the same.

Remembering that we're trying to determine if longer boot times after running ComboFix are a bad thing, I'm starting to wonder if the "update/installation" that ComboFix did to my very old system "Recovery Console" (which is apparent at the beginning of the reboot) is a good thing that simply takes longer.

The End Program box has been gone for a week. Overall the system continues to run well with no issues.

Admin box is still a mystery.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #78 on: June 16, 2011, 07:05:24 pm »
You can try removing the recovery console, but it probably will only shave off a few seconds.

1. Log on as local administrator.

2. Double click on "My Computer" icon on the desktop.

3. In "My Computer" open: Tools -> Folder Options -> View -> Mark the "Show hidden files and folders" checkbox and clear the "Hide protected operating system files" checkbox (please press "Yes" on the confirmation message).

4. Double click on the %systemdrive% (usually the "C" drive) and delete the "cmdcons" folder and the cmldr file from the root of the drive.

5. Right-click boot.ini on the system partition and select Properties, then clear the "Read-only" checkbox.

6. Double click on the "boot.ini" file (the file resides in the root of the %systemdrive%).

7. Remove the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons and the line about the debugger.

8. Save the boot.ini file and close the text editor.

Reboot the computer and see how that goes.

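The boot.ini edit in step 7 above is the part that is easy to get wrong by hand, so here is an added example (not from the thread or from Hoov) that performs that one step on a constructed XP boot.ini: it drops the Recovery Console entry and checks that the boot loader's `default=` line did not point at the entry just removed, which would leave the machine with no valid default to boot. Deleting the cmdcons folder and cmldr (step 4) is still done separately.

```python
import re

# Constructed sample of a Windows XP boot.ini after the Recovery Console was
# installed; not copied from the thread.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# Matches an [operating systems] entry whose boot path is ...\CMDCONS\BOOTSECT.DAT
CMDCONS_RE = re.compile(r"^\s*(?P<path>[^=]*\\cmdcons\\bootsect\.dat)\s*=", re.IGNORECASE)


def remove_recovery_console(text):
    """Return (new_text, removed_count, default_ok).

    Removes every [operating systems] entry that boots CMDCONS\\BOOTSECT.DAT.
    default_ok is False when the [boot loader] default= value pointed at a
    removed entry; in that case default= must be repointed before rebooting.
    """
    kept, removed_paths = [], []
    section = None
    default = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped.lower()
            kept.append(line)
            continue
        if section == "[boot loader]" and stripped.lower().startswith("default="):
            default = stripped.split("=", 1)[1].strip()
        if section == "[operating systems]":
            m = CMDCONS_RE.match(line)
            if m:
                removed_paths.append(m.group("path").strip())
                continue  # drop the Recovery Console line
        kept.append(line)
    removed_lower = {p.lower() for p in removed_paths}
    default_ok = default is None or default.lower() not in removed_lower
    return "\n".join(kept) + "\n", len(removed_paths), default_ok


if __name__ == "__main__":
    new_text, count, ok = remove_recovery_console(SAMPLE_BOOT_INI)
    print(new_text)
    print("removed entries:", count, "| default still valid:", ok)
```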

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #79 on: June 20, 2011, 09:47:54 am »
No, thanks anyway. I think the updated console is probably worth a few seconds. If you're thinking the longer sections in the boot I've described to you could all be related to the console, and based on our last go 'round with autoruns there is nowhere else to look, then I'll just chalk the longer times up to a better system. I'm ok with that.

Any more thoughts on the admin box?

Can I start deleting old programs now? I'm still thinking these two might be related.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #80 on: June 20, 2011, 10:06:11 am »
You can delete the old programs now. As for the Admin box, I am at a total loss. We could try a repair install, but we will have to slipstream SP3 into the install disc you have and create an XP SP3 install disc prior to the repair. I have the instructions if you want to try it. If you don't, I don't think it will cause you any problems, and if it does you can come back and I can take you through it.


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #81 on: June 22, 2011, 11:39:38 am »
Fair enough. I will wait and come back if I have to.

I'm trying to update my ATI Radeon X300 driver. Following the ATI instructions, when I uninstall from Add/Remove, then clean out temp files and restart, the driver reloads. When I Google this problem I see many different "solutions". Can you help me sort this out?


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #82 on: June 22, 2011, 12:01:57 pm »
Did you follow these instructions?


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #83 on: June 22, 2011, 12:34:27 pm »
Yes, exactly.
When I went to clear temp files I was unable to remove two things. One was the Avast folder and the other was a Perflib_Perfdata_bc file. It said they were being used by "another person or program".
Other than that those are the directions I followed.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #84 on: June 22, 2011, 01:14:35 pm »
Go ahead and install the new software. It should update the old drivers.


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #85 on: June 25, 2011, 10:59:44 am »
Had already tried a couple of times, but you were right. Thank you for pointing me in the right direction.
Updating old drivers seems to be making the biggest improvement in performance, as opposed to deleting old programs.
Which program do you recommend for identifying drivers or programs that need updating?


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #86 on: June 25, 2011, 11:23:05 am »
As for programs, I recommend using Secunia PSI. As for checking drivers, to be totally honest, I do it myself. Between Secunia, Windows Update, and reading several forums, I generally keep my drivers good.


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #87 on: June 27, 2011, 03:19:38 pm »
My Secunia score is now 100% and watching. Computer performance is much improved. Thanks.

Will run CCleaner again. Should I also run the CCleaner registry cleaner?

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25707
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #88 on: June 27, 2011, 06:42:18 pm »
No. Registry cleaners really don't need to be run except on a few rare occasions. Do you have any other problems, questions or concerns?


Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #89 on: June 30, 2011, 06:02:36 pm »
A Bootex file turned up on my thumb drive saying, among other things, "This type of the file system is FAT. The volume is dirty." It's never been there before. Can you help me with this?