I researched what i can and pretty much found that it is a bad virus, i found a tdsskiller.rootkit zip file that some forum wanted me to download but yea i think i'ma re-install to make sure that it is completely off the comp, all i got is music on there and my d:drive has all my pics so everything is backed up i can find the music again anyways so yea, thank you to all with your advice it helped alot.
Bad Virus @ Home
- Thread starter TimLafter
- Start date
- Status
patonb
Golden Master
- Messages
- 9,748
- Location
- In Gov't Regulated Cubical
Watch your music.. It coulda been the source of the infections.
G/L
G/L
leftcoasttech
In Runtime
- Messages
- 122
probably a little late to mention this, but a combination of rootkit revealer and malwarebytes will usually take care of TDSS. To get MWB to run, simply rename the executable. You could probably even reinstall MWB, though, you would likely need to rename the exe on another machine and put it into the MWB folder, since TDSS tends to prevent the exe from being created.
oops. Meant to say RootRepeal, not Rootkit Revealer
oops. Meant to say RootRepeal, not Rootkit Revealer
patonb
Golden Master
- Messages
- 9,748
- Location
- In Gov't Regulated Cubical
Ah.. nice to know..
The following Registry key is where apps tend to be disabled by viruses...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
If you find Malwarebytes, Spybot Search and Destroy, and AVG9 in there, delete them. In fact, the entire RestrictRun key is normally not present on any healthy computer. Group Policy in some domains will use this, but home computers won't.
You have to reboot for changes to work. (In a domain, GP will reapply at reboot.)
If you can't run Regedit, then search the internet for...
re-enable registry portable
...for a utility that unlocks Windows features.
i believe RootkitRevealer can do a good job. If not, running it again will tell you it's not gone yet. That would confirm a rebuild would be necessary.
Panda also has a free rootkit tool. i would try that before rebuilding.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
If you find Malwarebytes, Spybot Search and Destroy, and AVG9 in there, delete them. In fact, the entire RestrictRun key is normally not present on any healthy computer. Group Policy in some domains will use this, but home computers won't.
You have to reboot for changes to work. (In a domain, GP will reapply at reboot.)
If you can't run Regedit, then search the internet for...
re-enable registry portable
...for a utility that unlocks Windows features.
i believe RootkitRevealer can do a good job. If not, running it again will tell you it's not gone yet. That would confirm a rebuild would be necessary.
Panda also has a free rootkit tool. i would try that before rebuilding.
I found out the combination of the TDSSKiller and malwarebytes work together, I ran the TDSSKiller found the (h8srt) and restarted and after the restart it enabled my malwarebytes to work so i ran a quick scan for Malwarebytes and found all the (h8srt) stuff and removed them and I really didn't get to test my system after that but everything seemed to work fine after that but in case it left anything i did a re-install anyways. So if anybody doesn't want to re-install I suggest TDSSKiller with Malwarebytes it works.
patonb
Golden Master
- Messages
- 9,748
- Location
- In Gov't Regulated Cubical
Good job... Thankds for the follow up.
- Status