11-30-2008, 05:43 PM
Okay, anybody had any experience with killing TDSS? A friend's comp got blasted with it, and it does some nasty things.
Examples:
-Disabling Explorer.exe
-Disabling the keyboard
-HTML injection
-Elimination of AVG's update control file
-Other nasty things
I booted to Safe mode w/ Command Prompt and managed to kill the startup items, but it has a spare doodad somewhere that restored them.
Any ideas? The redirect appears to be based off a file named "C:\\<somefilename>.exe" in the Startup pane.
I ran RootkitRevealer and it showed that the Registry has TDSS in three places, then it aborted because some other app stopped it from accessing the hard drives!
HELP!
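An added example to go with the post above (not the original poster's code, and not from any TDSS write-up): a PowerShell script that snapshots the usual Windows autostart locations (Run/RunOnce keys, Winlogon Shell/Userinit, services, kernel drivers, Startup folders), flags entries that match what the poster describes (an image sitting directly under C:\ and anything carrying the string TDSS), and diffs two snapshots. The diff is what finds the "spare doodad": delete the Run entries, take a second snapshot, and whatever reappears was put back by a resident component, so the service or driver that was running at that moment is the thing to remove first. Assumptions: a Windows host with PowerShell 5.1 or later, run from an elevated prompt; the registry paths and the suspicious-pattern rules are the editor's choices, not anything the post names.

```powershell
# Added example, not part of the original post.
# Assumptions: Windows, PowerShell 5.1+, elevated prompt. The key list and the
# "suspicious" rules below are illustrative choices, not taken from the post.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit hooks
)

function Get-AutorunSnapshot {
    # Registry run keys and Winlogon values
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata, not values
            [pscustomobject]@{ Source = $key; Name = $prop.Name; Command = [string]$prop.Value }
        }
    }
    # Services and kernel drivers: a rootkit's resident component usually registers here
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        [pscustomobject]@{ Source = 'Win32_Service'; Name = $svc.Name; Command = [string]$svc.PathName }
    }
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        [pscustomobject]@{ Source = 'Win32_SystemDriver'; Name = $drv.Name; Command = [string]$drv.PathName }
    }
    # Startup folders and the other locations msconfig's Startup tab reads
    foreach ($cmd in Get-CimInstance -ClassName Win32_StartupCommand) {
        [pscustomobject]@{ Source = "StartupCommand:$($cmd.Location)"; Name = $cmd.Name; Command = [string]$cmd.Command }
    }
}

function Find-SuspiciousAutoruns {
    param([Parameter(Mandatory)] $Snapshot)
    foreach ($e in $Snapshot) {
        $reasons = @()
        # Executable directly under a drive root, e.g. C:\something.exe (the pattern the poster saw)
        if ($e.Command -match '^\s*"?[A-Za-z]:\\[^\\"]+\.(exe|dll|sys|com)\b') { $reasons += 'image at drive root' }
        # Name or command carrying the family string the poster found in the registry
        if (($e.Name + ' ' + $e.Command) -match 'TDSS') { $reasons += 'TDSS string' }
        # Winlogon hooks that differ from stock values hijack the logon chain (explorer.exe not starting fits this)
        if ($e.Source -like '*Winlogon' -and $e.Name -eq 'Shell' -and $e.Command -ne 'explorer.exe') { $reasons += 'non-default Shell' }
        if ($e.Source -like '*Winlogon' -and $e.Name -eq 'Userinit' -and
            $e.Command -notmatch '^"?[A-Za-z]:\\Windows\\system32\\userinit\.exe,?"?$') { $reasons += 'non-default Userinit' }
        if ($reasons.Count -gt 0) {
            $e | Add-Member -NotePropertyName Reason -NotePropertyValue ($reasons -join '; ') -PassThru
        }
    }
}

function Get-EntryKey($Entry) { "$($Entry.Source)|$($Entry.Name)|$($Entry.Command)" }

function Compare-AutorunSnapshots {
    # Entries present in $After but absent from $Before were (re)created between the two runs.
    # Delete the bad Run entries, wait, snapshot again: whatever shows up here was restored
    # by a watchdog, so the services/drivers alive at that time are the real persistence.
    param([Parameter(Mandatory)] $Before, [Parameter(Mandatory)] $After)
    $beforeKeys = @($Before | ForEach-Object { Get-EntryKey $_ })
    $After | Where-Object { $beforeKeys -notcontains (Get-EntryKey $_) }
}

# Usage
$before = Get-AutorunSnapshot
Find-SuspiciousAutoruns -Snapshot $before | Format-Table Source, Name, Command, Reason -AutoSize
# ... remove the flagged Run entries / startup items, wait a minute or two ...
$after = Get-AutorunSnapshot
Compare-AutorunSnapshots -Before $before -After $after | Format-Table Source, Name, Command -AutoSize
```

Two caveats a practitioner would want here. First, a kernel-mode rootkit can hide its own registry keys, files and driver from anything running on the infected OS, which is also why RootkitRevealer compares the live view against a raw on-disk read; if the snapshot looks clean while the symptoms persist, repeat the enumeration from offline media (a boot CD or the disk mounted in a clean machine) and compare. Second, the script only reports; do not delete anything it lists until the Reason column and a second look at the file itself agree, since Winlogon and the service list also contain plenty of legitimate entries.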