chuckm441

How to remove TDL File System?

14 posts in this topic

Hello. I have a notebook that was infected by TDSS (TDL), I believe version 4. I have partially cleared it by running MBRFIX from the XP Recovery Console (this is XP SP3). KAV Rescue CD sees nothing (I last ran the latest version, and updated it after booting from it, a week ago). TDSSKiller with the command line prompt -tdlfs finds the TDL File System, but will only Skip or "Quarantine" it, not remove it. TDSSKiller run just from the Desktop sees nothing. When TDSSKiller quarantines the TDLFS, all it does is make a copy of the files, but leaves the TDLFS intact. Can anyone tell me how to manually remove the TDLFS using KAV Rescue or any other bootable tech tool? Or any other suggestions?

 

Thank you! Chuck

 

P.S. I have also tried and failed with MalwareBytes (sees nothing), Trojan Remover, ComboFix (with rKill), and several others. I am at a standstill.

 


Welcome. Please see the first Important read me topic and post the screenshot and post the GSI report link and also attach the AVZ .zip that are all requested and instructed.


Thank you for redirecting me, I should have read the instructions first. I apologize.

 

 

Here is what you asked for:

 

GetSystemInfo Analysis URL: Get System Info Analysis

 

The AVZ zipped up log file is attached.

 

The TDSSKiller Screen Shot.

 

And, in case it helps, the TDSSKiller report.

 

And if you would like, I can upload the TDSSKiller quarantined files as well. Let me know on that.

 

 

Thank you! Chuck

virusinfo_syscure.zip

TDSSKiller.2.4.12.0_10.01.2011_13.43.21_log.txt

post-327749-1294685218_thumb.jpg


Hello,

 

Please send me the TDSS Killer quarantined files and new TDSS Killer Log.

 

Thanks.


Here they are, both attached.

 

 

Thank you! Chuck

 

/edit: Deleted attached quarantine TDSSKiller_Quarantine.zip ( 41.13K ) Number of downloads: 2, and sent it to Danilka.

TDSSKiller.2.4.12.0_10.01.2011_15.09.58_log.txt

Edited by richbuff


As an update, in case this helps, I just finished running a scan with today's copy of Kaspersky Virus Removal Tool 2010, and it identified the "quarantined" TDSS files as "Trojan-Downloader.Win32.Agent.fpku".

 

Thanks again, Chuck


Hello!

 

After removing the active TDSS infection, its file system poses no threat. TDSSKiller detects it only when forced to run with the switch "-tdlfs". In future versions of the utility we can add cleanup for it.


Yes, I ran it with the command line switch "-tdlfs". That's how I knew the TDLFS file system was still there. But if TDSSKiller currently will not remove the TDLFS, how can I remove it, even manually? I don't think it should be left on the drive at all. That is what I am asking for help with. How do I remove the TDLFS?

 

Thanks! Chuck


Did the "old" KVRT detect them? If not, you could try scanning again with an updated Rescue Disk. Don't know if this is going to help, but better than just doing nothing.


No, the KVRT never saw the TDLFS at all, "new" or "old". And I have run the latest Rescue Disk twice (newly downloaded and burned each time), once last week, and once two weeks ago. That never saw the TDLFS either. I suppose I can burn another CD with another latest Rescue CD while I'm waiting for the answer ... and I will. Is there some kind of switch we could use with the Rescue CD scanner to make it look for or see the TDLFS? The Rescue CD File Manager didn't show the TDLFS either time I looked for it.

 

Thanks! Chuck


Read that post again, I asked if the old KVRT could detect the quarantined files, not the TDLFS.

I'm sorry I misread your post, and I don't remember either. I've also deleted the original KVRT tool I ran, so I can't just rerun it to see (and deleted the original TDSSKillers besides). I wish I could tell you, but I can't.

 

Thank you, Chuck

TDSSKiller updated (2.4.13.0). Now it can clean TDLFS

 

Yury Parshin, you are the best! Now I know I'm clean! God bless you, and God bless Kaspersky!

 

Thank you, thank you! Chuck

This topic is now closed to further replies.