Author Topic: [Inactive] Infected With TDSS Rootkit  (Read 32103 times)


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #180 on: February 13, 2012, 02:06:39 pm »
The self extracting cabinets (or CAB's) have a self protection system, when they start installing and unzip, they self check the unzipped files and if the signature of the file is wrong, the install fails. So you probably could have reinstalled from it with no problem, but what you did do also is fine.

How is Firefox running? Adobe?


Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
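The post above describes the self-extracting CAB checking the signatures of its unpacked files before installing. The same check can be run by hand on any downloaded installer or tool, which is useful when a reinstall is being done on a machine whose state is in doubt. The script below is an added example, not something from this thread or from the Silverlight installer; it assumes PowerShell 4.0 or later (for Get-FileHash) and uses a placeholder folder and file name.

```powershell
# Added example (not from the thread): inspect a downloaded installer or tool
# before running it. Assumes PowerShell 4.0 or later. The folder is a
# placeholder; point it at wherever the download was saved.
param(
    [string]$Folder = 'C:\Downloads-to-check'   # placeholder path
)

# Get-AuthenticodeSignature verifies the publisher signature embedded in a PE
# file. Status is 'Valid' when the signature checks out, 'NotSigned' when there
# is none, and 'HashMismatch' when the file bytes no longer match what was
# signed (the condition the CAB self-check refuses to install on).
function Test-DownloadedFile {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        File           = Split-Path -Leaf $Path
        SHA256         = $hash
        SigStatus      = $sig.Status
        Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        SignatureValid = ($sig.Status -eq 'Valid')
    }
}

# Check every executable and CAB in the folder and keep a copy of the report
# beside the files so it can be posted along with any scan log.
$report = Get-ChildItem -Path $Folder -File |
    Where-Object { $_.Extension -in '.exe', '.msi', '.cab' } |
    ForEach-Object { Test-DownloadedFile -Path $_.FullName }

$report | Format-Table -AutoSize
$report | Out-File -FilePath (Join-Path $Folder 'file-check.txt') -Encoding utf8
```

A 'NotSigned' result on its own does not prove a file is bad (not every publisher signs its tools); in that case compare the SHA256 value against the one the publisher lists on its download page. A 'HashMismatch' means the file was altered after signing and should not be run.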

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #181 on: February 13, 2012, 02:47:53 pm »
So if I understand you correctly, it didn't matter that the old CAB was there, the reinstall of Silverlight was ok and, from what I've seen so far, didn't solve my problem.

Firefox is running fine. Secunia prompted me to upgrade it to 10.0.1. I waited a couple of days thinking Firefox would auto update itself (it's enabled) but it didn't. So I did it through Secunia. After that didn't help Silverlight - I tried the uninstall/reinstall.

I have not seen a problem with Adobe.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #182 on: February 13, 2012, 04:51:39 pm »
Can you give me an example of a video that you are having problems with?

Have you tried clearing your browser cache since reinstalling Silverlight and updating Firefox?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #183 on: February 15, 2012, 12:56:22 pm »
Originally noticed the problem with the embedded (right word?) Silverlight videos in the MSN Money articles. Today I went to the top of the MSN page>video>bing video search and tried the ones there.
Same problem. Video tries to start and I get a black screen.

I had NOT run Ccleaner right before I did all this but that makes perfect sense. I tried clearing all now but no luck. Do you think I should Cclean, uninstall Silverlight, delete CAB, reinstall Silverlight?

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #184 on: February 15, 2012, 01:15:22 pm »
I just checked those videos and they seem to be Flash videos. It could be that you have an error in your file types. Try reinstalling Flash Player and see what happens.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #185 on: February 15, 2012, 03:18:44 pm »
Just to clarify...

If I right click on the box in the middle of this page it says "Silverlight", is black and doesn't work. The smaller boxes below it say they're Flash and when I hover over them, they work.
http://money.msn.com/investing/why-the-rich-stash-cash-offshore-smartmoney.aspx

When I go here
http://www.bing.com/videos/browse?q=&x=121&y=15&form=MSNH14&qs=n&qs=n&sk=&sk=
and try to light up any of these I get the same thing... black screen, right click says "Silverlight" and won't go.

If your advice is still to reinstall Flash, research says to use the Flash Player Uninstall Tool from Adobe, not Add/Remove?

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #186 on: February 15, 2012, 03:25:48 pm »
Don't worry about reinstalling Flash. I was seeing different videos than you. But I am doing some reading on your problem and I found one person with the same issue as you, and I would like you to try something. On a page where the Silverlight video gives you a black screen, refresh the page and let me know what happens.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #187 on: February 15, 2012, 05:32:14 pm »
Refreshed on both links I gave you and the same thing happens. The video tries to start (a circle of blue dots) and then nada, black screen.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #188 on: February 15, 2012, 05:59:53 pm »
Let's try this: right click on the video box and when Silverlight appears click on it. In the box that pops up, in the Playback tab, make sure both options are checked. Then go to the Application Storage tab, click the Delete All button and make sure Enable Application Storage is checked. Click OK. Now reboot your computer and test it again. Let me know what happens.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #189 on: February 16, 2012, 10:48:57 am »
In the Playback tab, the second option (hardware acceleration) is greyed out and inactive. Completed the balance of your instructions with no results after reboot.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #190 on: February 16, 2012, 03:35:54 pm »
Go back in there and clear out all the items in the application storage area. Reboot the computer and try again.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #191 on: February 27, 2012, 03:52:58 pm »
soupman, were you able to resolve your problem with Silverlight?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #192 on: February 29, 2012, 01:35:06 pm »
Sorry I wasn't clear. I did clear out all the items in the application storage area, as you asked, and it didn't work. Researched the "greyed out" hardware acceleration tab subject and found indications that it could be related to my ATI video driver. After much research and preparation I am ready to uninstall and reinstall that driver again. (I did it last year but I now know it didn't go exactly right. I should have had .NET 2.0 or higher which I now have.)

In the meantime something has gone terribly wrong. Strange little things have gotten worse over the last couple weeks or so and bad the last couple of days.

Started with a couple of unusual freezes and hard restarts.

Then I start getting this box saying "This computer is in use and has been locked. Only ... or an administrator can unlock this computer." Asks for user/password. I'd never seen this box before.

Then my battery backup wouldn't connect. That's never happened before. Couple of regular restarts took care of that.

During one funky episode I tried to go to Task Mgr to see what was going on and got "The application failed to initialize properly (0xc000012d). Click on OK to terminate the application." Never seen before. I believe I eventually got through that OK.

I've also had a couple of other application error boxes that I didn't write down. Today I got "PSIA.exe app error": "The instruction at 0x0044a321 referenced memory at 0x00000028. The memory could not be "written". Click OK to terminate the program." I clicked through this one and then got "ISSCH.exe app error", a similar message except the memory could not be "read". I could not get past this one and had to hard restart.

Related or not I've had to uninstall/reinstall both Avast and Online Armor in the last month. Researched both situations and appeared to be common things that other folks were having to do also. Both went well with no problems.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Infected With TDSS Rootkit
« Reply #193 on: February 29, 2012, 06:43:05 pm »
Download this anti-rootkit program to a folder that you create, such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:
  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V.
  • Exit the program.
  • Save the scan log as ARK.txt and post it in your next reply. If the log is very long, attach it, please.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline soupman

  • Bronze Member
  • Posts: 144
Re: [In Progress] Infected With TDSS Rootkit
« Reply #194 on: March 01, 2012, 03:33:47 pm »
I read in another post that you haven't been feeling so good these last few weeks. I hope you're feeling better, Hoov.

I deemed the log too long to post, so it's attached...