TDSS killer Backups, how to restore quarantined items? Options

[MerciMe]

Thanks for your patience. I did correct my script with the terminating quote marks but it still did not run. Now when I try to run the scan it doesn't run. Stays at the "Please be patient" and hours later is still there. Not sure if you received my reply but did run these scripts for one file from the C prompt in MSDOS and it ran. All directories and files in the TDSSKiller_Quarantine looks the same with the exception of the one file I successfully changed in MSDOS. When I ran it, it did ask if I wanted to overwrite the file so thought I needed to add an overwrite switch (/Y)to the copy command line. So I added that and ran it but to no avail.

[MerciMe]

Hi,

Can you provide me the TDSS Qlook logfile, so I can made a correct script to use.

Your script don't work because the wrong usage of the commands and wrong and missing ""

Wrong
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta ov550i.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys
C:\Windows\System32\Drivers\

Good
REN "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta" ov550i.sys
COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys" C:\Windows\System32\Drivers\

This will also work
COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta" C:\Windows\System32\Drivers\ov550i.sys

Because I could not run the batch file, I used the c prompt in msdos to enter all of the rename and copy commands for each of the 23 files that were quarantined. All appeared to sucessfully execute except QuickBook files (couldn't find the path) but I will deal with that later. However, I still have issues with the computer such as no "search" and IE Explorer does not display some pages normally and Facebook does not display although I can log in. So I looked at the files I renamed/copied and a few have a basic windows icon which as I recall means that it is not an active program? But those are CTsvcCDA.exe, MsPMSPSV.exe. I can't see those causing the problems I am having. Any other suggestions?

This post has been edited by MerciMe: 14.05.2012 10:10