
can't run programs or cmd



#1
KColacicco


Well, I found my way here (finally) after working all day to fix this. Running: Windows 7 Ultimate x64. Last night I noticed my Google searches were being redirected to one IP which I don't have since it's on the infected computer. Ran SuperAntiSpyware and it didn't come up with anything, but after the reboot my computer started up fine, logged in, then it seemed like the services wouldn't start (ESET started but would then crash because it couldn't access the kernel) and that was it. I couldn't run any programs at all, but I could open folders and Notepad.

After some research figured out it could be a rootkit, downloaded GMER that I found recommended on another site and booted into safe mode but still couldn't run ANY programs or command lines. After trying everything under the sun, I finally found Hiren's BootCD and I'm currently running Dr.Web Anti-Virus in a mini-XP environment off of a USB key that found BackDoor.TDSS.4005 in the Master Boot Record. The scan is still running and it says it's cured, but I figured since I found this place I'd see if after this scan is done and I boot into Windows if there's more I would need to do to make sure it's gone (and if there's anything to make sure it doesn't happen again). I wasn't using the computer when it happened, and the person using it said they didn't download anything (yeah, all heard that before). Anyway, are there any logs I could post to make sure it's clean after this scan?


Well that Dr.Web scan did fix it, although I had a fun time trying to fix the MBR after that. I'm booted back in now and used the clean-up post from here, everything is looking fine. Thanks though.

Edited by KColacicco, 19 June 2011 - 08:12 AM.
