
Google Hijack Rootkit Issue - D Lo



Hi and welcome!!

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


17:57:17.0051 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:57:17.0051 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:57:17.0114 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:57:17.0114 4752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:57:17.0190 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:57:17.0190 4752 \Device\Harddisk0\DR0 - detected TDSS File System (1)


18:44:27.0585 1704 Detected object count: 1
18:44:27.0585 1704 Actual detected object count: 1
18:44:41.0672 1704 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:44:41.0703 1704 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:44:41.0718 1704 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:44:41.0781 1704 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:44:41.0828 1704 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:44:43.0169 1704 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:44:43.0185 1704 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:44:43.0216 1704 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:44:43.0278 1704 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:44:43.0294 1704 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:44:43.0434 1704 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:44:43.0434 1704 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action:

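The two TDSSKiller excerpts above (the scan that flagged the forged MBR, and the run that quarantined the TDLFS contents) share one line format: a timestamp, a process id, and a message. The helper below is an added example written for this thread, not part of TDSSKiller or the original posts; it parses that format into a small triage summary so a helper can see at a glance whether the boot sector (rather than an ordinary file) is involved and what was actually quarantined. The regexes are assumptions built only from the message shapes visible in this thread, and the sample log is constructed from the lines posted here.

```python
import re
from dataclasses import dataclass, field
# One TDSSKiller event per line: "<HH:MM:SS.ffff> <pid> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
MBR_RE = re.compile(r"^Suspicious mbr \((?P<why>[^)]+)\): (?P<obj>\S+)$")
STATUS_RE = re.compile(r"^(?P<obj>\S+) \( (?P<name>.+?) \) - (?P<status>infected|warning)$")
QUAR_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")

@dataclass
class Triage:
    suspicious_mbr: list = field(default_factory=list)  # (object, reason)
    findings: list = field(default_factory=list)        # (object, name, status)
    quarantined: list = field(default_factory=list)     # objects copied to quarantine
    counts: dict = field(default_factory=dict)          # declared vs actual object counts

    def needs_boot_cleanup(self) -> bool:
        """A forged MBR or an 'infected' disk object means the boot sector, not a file, is the target."""
        return bool(self.suspicious_mbr) or any(s == "infected" for _, _, s in self.findings)

def triage_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:              # blank lines, headers and other non-event text are skipped
            continue
        msg = m.group(3)
        if mm := MBR_RE.match(msg):
            t.suspicious_mbr.append((mm["obj"], mm["why"]))
        elif mm := STATUS_RE.match(msg):
            t.findings.append((mm["obj"], mm["name"], mm["status"]))
        elif mm := QUAR_RE.match(msg):
            t.quarantined.append(mm["obj"])
        elif mm := COUNT_RE.match(msg):
            t.counts[mm["kind"]] = int(mm["n"])
    return t

# Constructed sample, assembled from the lines posted in this thread.
SAMPLE = r"""
17:57:17.0051 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:57:17.0114 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:57:17.0190 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:44:27.0585 1704 Detected object count: 1
18:44:27.0585 1704 Actual detected object count: 1
18:44:41.0672 1704 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:44:41.0828 1704 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:44:43.0185 1704 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:44:43.0434 1704 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action:
"""
```

Running `triage_log(SAMPLE).needs_boot_cleanup()` returns True for this thread's log; the trailing "User select action:" line is deliberately left unmatched because it records a prompt, not a result.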

Hi,

Good job!

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please attach the C:\ComboFix.txt for further review.

----------
