Low5Point, posted October 7, 2012:

I have run the attached as directed. Have used Malwarebytes, Windows Defender and Emsisoft and none were able to remove the file.
jeffce, posted October 8, 2012:

Hi and welcome!!

Please download TDSSKiller.
Double click TDSSKiller.exe.
When the window opens, click on Change Parameters.
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
Click OK.
Press Start Scan.
Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
Attach the log in your next reply.
A copy of the log will be saved automatically to the root of the drive (typically C:\).
Low5Point, posted October 8, 2012:

Ran report... trying to figure out where the txt file is.
jeffce, posted October 8, 2012:

Check your attachment again.
Low5Point, posted October 8, 2012:

> Check your attachment again.

Can't find txt of report. Can only paste to Word, but file is HUGE.
Low5Point, posted October 8, 2012:

17:57:17.0051 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:57:17.0051 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:57:17.0114 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:57:17.0114 4752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:57:17.0190 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:57:17.0190 4752 \Device\Harddisk0\DR0 - detected TDSS File System (1)
jeffce, posted October 8, 2012:

Ok that was enough. Go ahead and run TDSSKiller again. Select to Cure everything that is found and then attach the new log that is created.
Low5Point, posted October 8, 2012:

18:44:27.0585 1704 Detected object count: 1
18:44:27.0585 1704 Actual detected object count: 1
18:44:41.0672 1704 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:44:41.0703 1704 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:44:41.0718 1704 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:44:41.0781 1704 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:44:41.0828 1704 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:44:43.0169 1704 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:44:43.0185 1704 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:44:43.0278 1704 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:44:43.0294 1704 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:44:43.0434 1704 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:44:43.0434 1704 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action:
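Added example, not part of the original thread and not part of TDSSKiller: a short Python filter that pulls the verdict and quarantine lines a helper needs out of a large TDSSKiller log. The line patterns are inferred only from the excerpts posted in this thread, and the names triage and SAMPLE_LOG are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the two log excerpts posted in this thread.
SAMPLE_LOG = r"""
17:57:17.0051 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:57:17.0051 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:57:17.0114 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:57:17.0114 4752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:57:17.0190 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:57:17.0190 4752 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:44:41.0672 1704 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
"""

# Layout assumed from the excerpts: timestamp, a numeric id, then the message.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> ( <detection name> ) - infected|warning"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<sev>infected|warning)$")
QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
SUSPICIOUS = re.compile(r"^Suspicious (?P<what>.+?): (?P<obj>.+)$")

def triage(log_text):
    """Return (findings, quarantined) from TDSSKiller-style log text."""
    findings = defaultdict(list)   # object -> [(severity, name), ...]
    quarantined = []               # objects reported as copied to quarantine
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line not in the expected layout
        msg = m.group(3)
        if (v := VERDICT.match(msg)):
            findings[v["obj"]].append((v["sev"], v["name"]))
        elif (s := SUSPICIOUS.match(msg)):
            findings[s["obj"]].append(("suspicious", s["what"]))
        elif (q := QUARANTINE.match(msg)):
            quarantined.append(q["obj"])
    return dict(findings), quarantined

if __name__ == "__main__":
    found, moved = triage(SAMPLE_LOG)
    for obj, items in found.items():
        for sev, name in items:
            print(f"{sev.upper():10} {obj}  {name}")
    print(f"{len(moved)} object(s) copied to quarantine")
```

Run against a saved log file by passing its text to triage(); the summary is short enough to paste into a reply when the full log is too large.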
jeffce, posted October 8, 2012:

Hi,

Good job!

Download ComboFix from the link below, and save it to your desktop.
Link
**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please attach the C:\ComboFix.txt for further review.
jeffce, posted October 10, 2012:

Do you still need help?
jeffce, posted October 11, 2012:

Due to lack of feedback, this topic will now be closed. If you are the original poster and you still require help, please start a new thread.