
Spyware still persists after all removal attempts! [Solved]


  • This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi D2e,

The bootlog file didn't shed a lot of light on the blue screen problem. Normally if a system driver is causing the problem there will be a minidump file created, so no minidump file is good on one hand and no help on the other. I want to check the boot options. TDSSKiller found and killed the rootkit, but we need to run TDSSKiller again and remove the TDSS File System.

When the machine blue screens does it give any error messages or stop codes?


Step-1.

TDSSKiller

Please read carefully and follow these steps. They are a little different from the last instructions.
Re-open TDSSKiller on the desktop.
  • Click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. Leave the default Skip action except for the following:
    When you see TDSS File System on the Threats Detected page, click the down arrow beside Skip and click Delete.
  • Click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue.
  • If TDSSKiller needs the system rebooted a window will come up telling you to reboot. Click the Reboot Computer button to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Check Boot Options

Please restart your system and tap the F10 key repeatedly, until the Edit Boot Options screen appears.

Please DO NOT edit anything, just report back what you see.

You should see this:

Edit Windows boot options for: Windows 7

Path: \Windows\System32\winload.exe

Partition: 1
Hard Disk: {Some random looking numbers}

[ /NOEXECUTE=OPTIN <--This is the bit I am most interested in. Don't change anything, just tell me exactly what is shown after this statement.


Step-3.

Things For Your Next Post:
1. The TDSSKiller log
2. Tell me exactly what the [/NOEXECUTE=OPTIN line showed.
3. Do you get any error messages or Stop codes when the system blue screens?

Edited by godawgs, 13 April 2012 - 11:24 PM.

  • 0



#17
D2e

D2e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello,
My company transitioned to a new network last week & I no longer have admin rights. So now my laptop won't run the TDS program because it requires the admin password. I am trying to get admin privileges from IT but I doubt it will fly.
Are there any other options I could try without being the administrator?
  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi D2e,

I wish I had known up front that this computer belonged to your company. Our support is for home and personal use. Please see section 3 b. of our Terms Of Use. The TOU specifically states that we are not here to support/replace your company's IT department. While there are times, and under certain circumstances, we will look at a computer belonging to a company, we will do so only with the company's knowledge of and consent to our looking at it. We want to avoid having a company get angry at us because their IT department was circumvented.
To answer your question, I don't know of any tools we can run or settings we can check without Admin. privileges. If/when you get Admin. privileges and your company gives the go ahead for us to continue, send me a PM and I will check with the powers that be here and let you know if we can continue.
  • 0

#19
D2e

D2e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
It's a bit of a hybrid scenario...It's MY laptop but I use it for work. The company was sold in January & until you were transitioned to the new company network, there WAS no IT support because you couldn't access the ticket portal.
At any rate I am on the new network as of last week so I can open a ticket with IT at this point. I thought I could finish what we were doing here since we were almost done but with the Admin issue probably not going to happen.
Thanks for the help up to this point.
  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
D2e,

Thank you for telling me. You are welcome and I'm sorry we couldn't finish. Good luck.
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





