help with rootkit (Alureon, TDSS, Tidserv, TDL3)

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[rkprd]

hello i posted this question in another section and was told to ask here- http://scforum.info/index.php?topic=3849.msg9946#msg9946
i already downloaded kaspersy rescue disk 2009 and it wont boot from the cd and i know i burned it right. i also tried with the malware programs  on ultimate boot cd and they didnt work either something about some missing files. are there other programs i can use to get rid of this rootkit?

[Samker]

Hi R.,

for the start please download and run this tool provided by Kaspersky: http://support.kaspersky.com/downloads/utils/tdsskiller.zip 

After that download, install, update and make a Full scan with SUPERAntiSpyware: http://scforum.info/index.php/topic,116.0.html

Finally provide us new logs from HJT, Bitdefender and Windows Live OneCare: http://scforum.info/index.php/topic,734.0.html

I'll wait your next reply (with logs).

Regards,

S.

[rkprd]

samker  the problem is I cant log into windows to download  tdsskiller.exe i get a blue screen as soon as windows starts to load due to the recent windows update that messed up computers infected with this rootkit .  I think i am going to wait until windows comes up with a fix for this since Im tired of trying to fix it to no avail  if you have any other possible solutions let me know thanks for your help I appreciate it

[Samker]

samker  the problem is I cant log into windows to download  tdsskiller.exe i get a blue screen as soon as windows starts to load due to the recent windows update that messed up computers infected with this rootkit .  I think i am going to wait until windows comes up with a fix for this since Im tired of trying to fix it to no avail  if you have any other possible solutions let me know thanks for your help I appreciate it

HERE IS THE PROBABLE SOLUTION:

Follow these steps:

1. Boot from your Windows XP CD or DVD and start the recovery console (see this  link http://support.microsoft.com/default.aspx/kb/307654  on how to use recovery console)

Once you are in the Repair Screen..

2. Type this command: CHDIR $NtUninstallKB978262$\spuninst

3. Type this command: BATCH spuninst.txt

4. Type this command: systemroot

5. Repeat steps 2 - 4 for each of the following updates:

    * KB978262
    * KB971468
    * KB978037
    * KB975713
    * KB978251
    * KB978706
    * KB977165
    * KB975560
    * KB977914

6. When complete, type this command: exit

Your computer should restart and everything should be back to normal.

Good Luck!


After all, follow my earlier instructions for removing these rootkit...

[rkprd]

I dont have a windows cd or dvd my computer didnt come so I tried with some programs on ultimate boot cd and I couldnt get past the first command it says chdir failed on whatever the file name is I was able to go into the C:\windows directory and see those files installed but I guess that command only works with the windows cd.

[Samker]

shit... 


...but I have another solution for you.

For that We need another PC, hope that isn't to big problem for you?

Just took the HD out, and put it in a External HD chaise, you can do the same by putting it in another PC with and open HD slot….. get a good copy of atapi.sys or go to the GOOD Pc’s Wn/Sys32/dir folder.. and copy it to the desktop… when you open the BAD HD go to that folder and replace it with the good one…. put the HD back in, and reboot, as you hit the F8 key, go to \most resent Config\ ( or how ever it reads) and click that…..

Let me know did you have success this time?

Regards,

S.

[rkprd]

hey samker I was finally able to get my pc running again by doing a combination of both of the things you told me, I installed the hard drive into another pc and was able to use the command prompt to uninstall the update with the commands you gave me thanks alot you are the man! but I am still not in the clear yet now my pc is full of adware when I click on a search result in google it redirects me to other pages I was shocked when I found out because I never had any problems with this before this mess so now I am looking for some good adware removal programs I will look around your forum to see what I can find let me know if you have any good recommendations thanks again for your help!

[Samker]

Excellent news my friend... don't worry next part is much easier.  

Now please follow my instructions from the start of this Topic:

please download and run this tool provided by Kaspersky: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

After that download, install, update and make a Full scan with SUPERAntiSpyware: http://scforum.info/index.php/topic,116.0.html

Finally provide us new logs from HJT, Bitdefender and Windows Live OneCare: http://scforum.info/index.php/topic,734.0.html

I'll wait your next reply (with logs).

Regards,

S.

[rkprd]

hello samker sorry for not getting back to you earlier my computer had been running fine since the problem I did a scan with malwarebytes and removed the infections or so I thought and it was running fine until yesterday it started running way slower than usual. so I did a scan on bitdefender online scanner and found out I still have an infection but that is another different infection from this topic so I will post another thread with the logs hopefully you can help me out.

[Samker]

so I did a scan on bitdefender online scanner and found out I still have an infection but that is another different infection from this topic so I will post another thread with the logs hopefully you can help me out.

No problem pal, We'll resolve that problem also.

Please open New Topic in SCF "PC Help Center": http://scforum.info/index.php?action=forum and provide us:

1. All possible details related to yours problems / infection.

2. Run BitDefender Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html


cya later,

S.