boon

TDSS Killer not running

16 posts in this topic

Hello,

 

I have recently acquired the windows removal virus... I followed a guide that instructed me to go in and rename the virus located in the all users/application data folder; doing this appears to have stopped the spamming of the visual effects of the virus. However, I still cannot access the Task Manager, all of my files are still considered hidden, I keep getting audio from what seems like a TV commercial through my speakers though nothing is running that I can see visually, I keep getting a plug-in script error for Internet Explorer to some random sites, and I cannot run TDSS Killer (I have tried renaming as well as changing from .exe to .com). When I click on TDSS Killer it does absolutely nothing.

 

Any help would be greatly appreciated... I believe these are the correct files you have requested.

 

GetSystemInfo_BOON_0VRFA58QN8_Boon_2011_04_24_00_31_26.zip

virusinfo_syscure.zip


Welcome. If you don't have Kaspersky installed, please feel free to use the AVP Tool. It is linked in the important read me topic, located at the top of this forum page.

Attach its sysinfo.zip.


Run this script, instructions: Open the main window of KVRT > Manual disinfection tab > in the field under Step 3 right-click > select Paste from the drop-down menu > click the Execute button. PC will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe','');
DeleteFile('C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-1229272821-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run','iCEyocHtffAu');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After running the script, attach a Combofix log. Please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.

 

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

 

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

 

Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.

It may take a while to complete scanning and this is normal.

 

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

 

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.

 

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

--------------------

The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.

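Added example, not part of the original thread or any poster's code: the first script above removes a Run value whose target executable sits directly in the All Users Application Data folder, and this Python check flags autostart entries of that shape in `reg query`-style text. The sample input, `SUSPECT_DIRS` and the function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout printed by `reg query <key>`; the first value
# mirrors the entry the script above deletes, the other two are made-up benign ones.
SAMPLE = r"""
HKEY_USERS\S-1-5-21-1229272821-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run
    iCEyocHtffAu    REG_SZ    C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""

# Assumption for this example: an autostart executable sitting directly in the
# root of the common application-data folder (XP or Vista+ path) is worth review.
SUSPECT_DIRS = {
    PureWindowsPath(r"C:\Documents and Settings\All Users\Application Data"),
    PureWindowsPath(r"C:\ProgramData"),
}

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_(?:EXPAND_)?SZ)\s{2,}(?P<data>.+)$")
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.I)

def parse_run_values(text):
    """Yield (key, value name, data) for each string value under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"].strip()

def flag_suspect(text):
    """Return entries whose executable lives directly in a SUSPECT_DIRS folder."""
    hits = []
    for key, name, data in parse_run_values(text):
        m = EXE_PATH.match(data)
        if not m:
            continue
        exe = PureWindowsPath(m.group(1) or m.group(2))  # quoted or bare path
        if exe.parent in SUSPECT_DIRS:  # Windows paths compare case-insensitively
            hits.append((key, name, str(exe)))
    return hits
```

Entries in vendor subfolders of the application-data directory are not flagged; only executables placed directly in its root are.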

Here is the combofix log... all seems to be running great now. Let me know if there is anything else I should be doing... I really do appreciate your help, you have been awesome!

ComboFix.txt


Run this script, instructions same as the last one:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://www.mediafire.com/

Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /uninstall > ok. Or Start > run > type 123 /uninstall > ok. Restart Kaspersky.

 

Also, if you use Windows System Restore, turn it off > reboot. This is to remove malware from system volume information files. Then turn system restore back on, if you wish. How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

 

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but please don't remove anything yet, until the log is reviewed.

 


Looks good. Any changes with your original issues?


Yes! I am no longer receiving any of the problems mentioned in my original post. Everything appears to be running correctly at this time.


Well, system took a dump today... everything was running fine but then a window popped up that said windows recovery, it started to do what it did previously but this time it went to a blue screen, then restarted the comp automatically, and now when I restart it won't load windows, it just goes in circles continually restarting... I figured I would just format the pc but I can't even do that as it locks out my keyboard halfway through the boot, and when it says hit a button to boot from cd it won't work when I hit a button.....


Can you get to your BIOS settings, and configure CD drive as first in Boot Order?


Yes I can, and I have... however sometime between there and windows starting up it disables my keyboard and when it says push key to boot from cd, it won't allow me to push a key... then the timer runs up and it boots hard drive which then says windows did not shut down properly please choose startup method... however the keyboard is still disabled at this stage so I can't choose anything and it auto defaults to start normally after 25 seconds where it then starts to load windows but crashes and just starts the whole cycle over again... it seems like I have control of the keyboard right up until it loads the raid on boot. I was thinking maybe using a floppy windows boot disk? As it is I can't even format the drive at present let alone add a new boot sector...


Just got it to boot from cd by hitting F8, I assumed the bios would default to allow this no matter what at that stage... Now debating whether to repair the boot sector or just format....


Ehh, will attempt to rewrite the boot sector... if this does not work I will try format... have a feeling this is in the bios...

 
