How do i get rootkit.win32.tdss.d out of system memory
Pls. use this tool: [url]http://support.kaspersky.com/faq/?qid=208280684[/url]
After reboot make a new log of AVPTool
Doesn't work. It finds the infection in c:\windows\system32\drivers\nvstor32.sys and says it will be cured on reboot, but it doesn't work after reboot.
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
QuarantineFile('C:\Windows\System32\Drivers\dump_nvstor32.sys','');
QuarantineFile('C:\Windows\system32\drivers\tsk7DB9.tmp','');
CreateQurantineArchive('C:\quarantine.zip');
end.[/CODE]
After reboot, upload C:\quarantine.zip via the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] at the top of this page.
I ran the script and tried to upload the zip using the link, but it gave an error and said that it was already uploaded. So I changed the name and tried again, but got the same result. So I went ahead and attached it to this reply.
One of the symptoms of the virus is that the first time I run Internet Explorer it crashes and restarts. Then when I do a Google search, the first several times I click on a link it redirects me to a random site. I noticed that when I first click on the link, but before the redirect, it goes to c1ci1i1i.com.
Do you know of a way in Windows Vista to search within the [U]text[/U] of all files on the hard drive? I want to see if I can find the file with c1ci1i1i.com in it. I used to be able to do this in Windows 98 but can't seem to figure it out in Vista.
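The "search within the text of all files" question is a routine triage step, so here is an added example (not code from the thread or from any tool it mentions) that walks a directory tree and reports every file whose raw bytes contain a given string, using the redirect domain quoted above as the search term. It reads files in chunks so large files never have to fit in memory, keeps a tail of the previous chunk so a match straddling a chunk boundary is still found, matches case-insensitively by default because HTML and scripts mix case freely, and skips files it cannot open instead of aborting. The sample tree it searches is constructed in a temporary directory.

```python
"""Recursive content search for a fixed string (added example, not from the thread)."""
import os
import tempfile


def search_files(root, needle, chunk_size=1 << 20, ignore_case=True):
    """Return the sorted paths of files under root whose bytes contain needle."""
    if isinstance(needle, str):
        needle = needle.encode("utf-8")
    if ignore_case:
        needle = needle.lower()
    overlap = len(needle) - 1  # bytes that must survive a chunk boundary
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    tail = b""
                    while True:
                        chunk = fh.read(chunk_size)
                        if not chunk:
                            break
                        window = tail + chunk
                        if ignore_case:
                            window = window.lower()
                        if needle in window:
                            hits.append(path)
                            break
                        # keep only the bytes a match straddling the boundary could need
                        tail = (tail + chunk)[-overlap:] if overlap else b""
            except OSError:
                # locked, permission-denied or vanished files are skipped, not fatal
                continue
    return sorted(hits)


def find_basenames(root, needle, **kwargs):
    """Convenience wrapper: file names only, for compact reporting."""
    return [os.path.basename(p) for p in search_files(root, needle, **kwargs)]


def build_demo_tree():
    """Construct a small sample tree (constructed data, not real files from the thread)."""
    root = tempfile.mkdtemp(prefix="search_demo_")
    os.makedirs(os.path.join(root, "sub"))
    samples = {
        "clean.txt": b"nothing to see here, c1ci1i1i.net is a near miss\n",
        "sub/page.htm": b"<script>location='http://C1CI1I1I.com/x';</script>",
        "sub/blob.bin": bytes(range(256)) * 4,  # binary noise, must not match
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for hit in search_files(demo_root, "c1ci1i1i.com"):
        print(hit)
```

To use it on a real system, call `search_files(r"C:\", "c1ci1i1i.com")` from an account that can read the directories of interest; the exact same scan with `ignore_case=False` would miss the sample page because the domain there is written in capitals, which is why the default is case-insensitive.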
Make a log of GMER [url]http://virusinfo.info/showthread.php?t=51878[/url]
Attached is the GMER log.
1. Start the file Vba32Arkit.exe with a double click.
2. Press the button [B]Start[/B] and let Vba32Arkit make a FULL SCAN of your system.
3. After scanning, press the button [B]File[/B] -> [B]Save Zipped..[/B] and save the logfile.
4. Attach the logfile to your new message.
Attached log.
1. Replace C:\Windows\system32\drivers\nvstor32.sys with a clean file.
2. Make a new log of Vba32Arkit.
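Replacing one driver and then finding the next one infected is the pattern a baseline comparison is built to catch. The following is an added example (not the thread's code or any tool it mentions) that hashes every file under a directory from a known-clean state, hashes it again later, and reports what changed, appeared or disappeared. The real target would be the drivers directory under System32; here the directory, the driver names and the tampering are constructed in a temporary location so the demo runs offline.

```python
r"""Hash snapshot and diff of a driver directory (added example, not from the thread)."""
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=1 << 20):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests[os.path.relpath(path, root)] = sha256_of(path)
            except OSError:
                continue  # unreadable file: leave it out rather than abort the snapshot
    return digests


def compare(baseline, current):
    """Classify the differences between a clean baseline and a later snapshot."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
    }


def build_demo():
    """Construct a fake drivers directory, baseline it, then tamper with it (constructed data)."""
    root = tempfile.mkdtemp(prefix="drivers_demo_")
    for name in ("nvstor32.sys", "atapi.sys", "disk.sys"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"MZ clean driver image: " + name.encode())
    baseline = snapshot(root)
    # simulate the reinfection the thread describes: atapi.sys is patched in place
    with open(os.path.join(root, "atapi.sys"), "ab") as fh:
        fh.write(b"\x90\x90 appended stub")
    # and a dropped temporary file appears next to the drivers
    with open(os.path.join(root, "tsk7DB9.tmp"), "wb") as fh:
        fh.write(b"payload")
    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in build_demo().items():
        print(kind, paths)
```

Two caveats for real use: the baseline must come from a state you trust (installation media or an identical clean machine), not from the already-infected host, and an active kernel rootkit can intercept file reads so that user-mode hashing sees the clean bytes it wants you to see. Take the "current" snapshot from clean boot media or with the disk attached offline, which is the same reason the thread leans on anti-rootkit scanners rather than on ordinary file tools.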
Now it's in atapi.sys.
Pls. make a log file with Malwarebytes Antimalware.
The malware log is attached.
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Users\Rey\AppData\Local\Temp\0.8888980323989585.exe','');
BC_ImportAll;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]
After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute following script[/URL] in Manual disinfection
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.[/CODE]
and upload C:\quarantine.zip via the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] at the top of this page.
I don't know if the quarantine uploaded. I got the following message:
[B]Upload result[/B]
[B]Upload error. This file already was uploaded before[/B]
[LEFT]After I rebooted, Windows wanted to install a driver for new hardware. Were you expecting that? I did not reinstall and ignored the message for now.[/LEFT]
You should remove the unknown hardware in Hardware Manager (command [B]devmgmt.msc[/B], find [I]Unknown[/I] and remove it).
- Clean temp folders, browser caches and the Recycler. Use the Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
Did what you asked. It solved the hardware problem, but everything else is still the same.
Make a log of gmer ([url]www.gmer.net[/url])
GMER log attached.