
Possible TDL3 Rootkit


  • This topic is locked

#16
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
hello are you still there?
  • 0



#17
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
after 3 and a half hours I'm done lol

Attached Files


  • 0

#18
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

hello are you still there?

Yep. I'm always here. :)

How is your computer running now? Any problems?

Do this:

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute

    begin
    SetAVZPMStatus(True);
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DeleteFile('C:\WINDOWS\Downloaded Program Files\Launcher.dll');
    BC_DeleteFile('C:\WINDOWS\Downloaded Program Files\Launcher.dll');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#19
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
no problems as of yet, and when you say re-run the scan you mean on the manual disinfection tab, right?
  • 0

#20
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yep. And copy and paste that script inside the code block. Then click on the Execute button.
  • 0

#21
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I've done the script bit, just doing another gather info thing, that is right?
  • 0

#22
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes. And attach this file: C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip in your next reply please.
  • 0

#23
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
there we go

Attached Files


  • 0

#24
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
is everything good to go or is there more?
  • 0

#25
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Well... It looks good except your master boot record is somehow weird. I would like you to temporarily uninstall Daemon Tools and then run the aswMBR scan once again:

  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

  • 0



#26
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
erm I don't have Daemon Tools...
  • 0

#27
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
oh it could be weird because I used a custom boot screen loader thing instead of the standard XP Home one
  • 0

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Then it is an orphaned driver. Please follow the steps below:

Step 1

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    DRV - [2009/06/08 15:11:38 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

  • 0

#29
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

oh it could be weird because I used a custom boot screen loader thing instead of the standard XP Home one

Oops. That explains it. Anyway, please proceed with the steps above.
  • 0

#30
fleggy1

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
done

Attached Files


  • 0





