| Press F1 | ||||
| Thread ID: 111879 | 2010-08-15 10:13:00 | TDL3 rootkit removal | apsattv (7406) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1127994 | 2010-08-15 10:13:00 | I'm trying to remove this from a friend's PC via TeamViewer. Talk about a tough one! A fully updated ESET NOD32 never saw a thing, and neither do most common tools (Malwarebytes, etc.). HitmanPro saw a trace of it but did nothing. Dr.Web CureIt did see the process and removed it, but it has since returned. Has anyone had some experience with this one? | apsattv (7406) | ||
| 1127995 | 2010-08-15 10:16:00 | www.bleepingcomputer.com | Netsukeninja (13296) | ||
| 1127996 | 2010-08-15 10:34:00 | "Has anyone had some experience with this one?" Yep -- can be a tricky one. Run the killer through it previously posted. If it's still stubborn, then run ComboFix (www.bleepingcomputer.com) -- it may take a while, and whatever you do, DON'T STOP IT. It may appear to be stopped or taking a long time; leave it alone. A few words of warning -- on some PCs it can make them unbootable afterwards depending on the infections, so you have to know how to repair the OS if this happens. It's NOT software to be used "willy nilly". That's another reason it wants to install the Recovery Console when you run it. | wainuitech (129) | ||
| 1127997 | 2010-08-15 10:41:00 | Already used TDSSKiller, it doesn't even see it! Not keen to run ComboFix yet. As I wrote, I'm fixing this via TeamViewer; if the machine fails to boot up at the other end then the other person has a problem. Thread here about it, but no simple solution: www.wilderssecurity.com Could an ADMIN please shift this post to the section? | apsattv (7406) | ||
| 1127998 | 2010-08-15 10:44:00 | That's the Alureon rootkit, isn't it?? What version of Windows is it? If it's 32-bit, see if Trojan Remover removes it. I can check it out with TV if you want. | Speedy Gonzales (78) | ||
| 1127999 | 2010-08-15 10:50:00 | Yes, as above, 32-bit XP. Alureon rootkit? Isn't it the same thing as TDL3? And nope, Trojan Remover doesn't see it either! I will have another go at it later tonight with MSE. | apsattv (7406) | ||
| 1128000 | 2010-08-15 10:53:00 | Send the ID and pw to me in a pm. I'll have a look. Is it in normal windows or safe mode / networking? | Speedy Gonzales (78) | ||
| 1128001 | 2010-08-15 11:09:00 | Thanks for the offer but they prefer not to have a total stranger looking at it. I will try some more tools on it overnight. | apsattv (7406) | ||
| 1128002 | 2010-08-15 11:13:00 | I've probably been in 1/2 of the computers on this forum. Oh well, their loss | Speedy Gonzales (78) | ||
| 1128003 | 2010-08-15 11:20:00 | "Yes, as above, 32-bit XP. Alureon rootkit? Isn't it the same thing as TDL3? And nope, Trojan Remover doesn't see it either! I will have another go at it later tonight with MSE." I've recently had an Alureon variant found and fixed by MSE. Malwarebytes found nothing. MSE hasn't found any recurrence and the odd DNS behaviour and unwanted web ads have stopped. | PaulD (232) | ||