Rootkit.win32.TDSS.d reader_s.exe

[Clastro]

Seems I contracted a virus, or a bunch of them. I think I got it when I for some reason didn't pay attention. I was trying to find a program or digital writer to convert pdf files to ordinary jpeg, so yeah, I dunno what I downloaded but it wasn't something good. I think I got fooled in download a fake acrobat reader version. hehe

The virus also makes it impossible for me to access windows update. hehe
At least a few hours ago.

It was impossible for me to get rid of it myself, even with Norman. So I tried this Kaspersky virus removal tool and the AVZ, combined with hijackthis.
And now I have read the "read before you post thread" and hopefully followed the instructions correctly.

Thanks in advance for any kind of help to resolve this matter!

Kalle, Sweden.

[Aleksandra]

Make a log of GMER http://virusinfo.info/showthread.php?t=51878

I was trying to find a program or digital writer to convert pdf files to ordinary jpeg, so yeah, I dunno what I downloaded but it wasn't something good. I think I got fooled in download a fake acrobat reader version.

I need a link to this site.

[Clastro]

Make a log of GMER http://virusinfo.info/showthread.php?t=51878


I need a link to this site.

I tried the GMER, but I got blue screen twice now, I don't feel like trying a third time.

Hm, well, about the link. I don't remember what it was. So, sadly I can't help you out with helping me out on that.

Perhaps I had the virus earlier, but I do not think so.

I got a bluescreen when I updated acrobat reader to version 9.3. I do not know if it had anything to do with it, but this was when I thought something was wrong. Bunch of stuff I do not know, perhaps it wasn't even a correct version of acrobat reader, but I think so.

[Aleksandra]

Make a log of Vba32 AntiRootkit http://virusinfo.info/showthread.php?t=77373

[Clastro]

Thanks for the reply.

I tried a third time to get GMER to work, but it didn't, so I started windows in safe mode and then GMER worked.

So I attached both the gmer.log and the Vba32 log.

One more thing, since before I tried this Kaspersky, I used my Norman antivirus program. Norman has some files now in quarantine, should I release those and let Kaspersky take care of them also? Or does Kaspersky already take care of them?

[Aleksandra]

1. Replace C:\Windows\system32\DRIVERS\kbdclass.sys with a clean file from any similar system or from Windows CD using recovery console or Live CD.

2. Make a new log of Vba32Arkit.

[Clastro]

1. Replace C:\Windows\system32\DRIVERS\kbdclass.sys with a clean file from any similar system or from Windows CD using recovery console or Live CD.

2. Make a new log of Vba32Arkit.

My Fujitsu-Siemens computer got delivered with no windows vista DVDs, so I had to make one of my own and I was only allowed to do it ONCE.
But the thingie failed the burning process already on disc one!!! It still used up my ONE time ability. So I have no windows disc.

I am not familiar with what you mean by "Live CD", and google it didn't help me much.

"similar system", do you mean I can just have a copy sent to me from a friend with windows VISTA? or even windows 7 or xp?

[Aleksandra]

Check your system with Live CD Vba32 Rescue. Links to download:

ftp://anti-virus.by/pub/vbarescue.iso
ftp://vba.ok.by/vba/vbarescue.iso

[Clastro]

Okey, so now I have checked my computer with the VBA32 resvue, it took like 4-5 hours to scan it. It found two infections and deleted one and cured one. Thing is now though, the kbdclass.sys file have been alterred after the vba32-scan and that was my drivers for my keyboard so now the keyboard doesn't work anymore for some reason (I am writing this from my other computer ). I guess this isn't really such a big problem, I can fix it by myself probably.

But I assume I should do the "2. Make a new log of Vba32Arkit. " step now.



Vba32ArkitLog2

[Aleksandra]

I don't see any problem in your log.

[Clastro]

Yes, it seems I am finally clean after one week of countless hours of struggling. I even released my quarantine files in norman and then run VBA32ARkit again, this time it took almost 7 hours.

I could not have done this without you and the tools provided!!
I am truly greatful!

All the googling I did before reaching this page was alot about "nothing you can do about this viruses, I suggest you to reformat your computer".
But with your help that was not need!!

Thanks again.