Dr. Web Cure It

[Anupam]

I am sorry, I cant help you here, as I don't have any knowledge about TDSS Killer, or any other rootkit removers. You could wait for someone else to reply here. Otherwise, as I said before, its best to post about this on a forum which specially deals with removing malware.

[Indoubt]

Hi Anupam,

I also used F-secure Black light and it came up with one rootkit that just indicated a "hidden file" and that it was "c/windows" and this all it said. Any suggestions?

Thanks again.

[Indoubt]

Quote:

Originally Posted by Anupam

I am sorry, I cant help you here, as I don't have any knowledge about TDSS Killer, or any other rootkit removers. You could wait for someone else to reply here. Otherwise, as I said before, its best to post about this on a forum which specially deals with removing malware.

Thanks Anupam, I will wait for a possible response from other members, and at the same time will go to one of those sites you suggested thanks again.

[torres-no-tan-magnifico]

The following website has a lot of info regarding malware removal:

http://www.selectrealsecurity.com/

Good luck!

[bo.elam]

Quote:

Originally Posted by Indoubt

I tried the TDSS Killer and it found 23 threats in the Driver section, I clicked to Quanratine. I then did another scan and the same 23 threats came up. Could you advise me if I had taken the right procedure, and is there anything I need to do after this. The other button had something do with the "default".

TDSS Killer will select delete or cure if the files are malicious. For suspicious files it will prompt you to select the action, skip is on default. I think you copied the files to quarantine and did not choose delete or cure. Thats why they showed up on the second scan.
Anyway, I would be "very" careful about deleting any file even if TDSS Killer selects it as malicious. Maybe you want to run the scan again and handle one file at a time. If they are selected as suspicious, I would not worry about it that much but would upload each file to Virus Total and Jottis to see what they say.
If the files are malicious(according to TDSS Killer), I would handle each detection at a time and if the scan results at Virus Total and Jottis come up pretty bad, then I would handle the file according to what TDSS Killer suggest.
This is what I would do if I was you. Remember one at a time and if they are suspicious, I would not worry but would check them out anyway. After cure or deleting a file, you need to reboot the computer.
Let me finish by saying that if those 23 files are malicious, you are in very bad shape and deleting some of them might make your PC unbootable.


Bo

[26Dolphins]

Hi there,

A bit late into this discussion, but coincidentally I had to deal with the Whistler rootkit from a Win XP system on Friday.

First off, about Dr.Web CureIt! - it does not install anything on your system. You just download it and run it. As Anupam said, when run in Enhanced Mode It prevents other apps (including malware) to run on your system; this also locks your screen while Dr.Web CureIt! is running, but it asks you first if you want to do the scan this way. Dr.Web CureIt! also takes a long time to do a full scan and in Enhanced Mode your system will be unusable.

Quote:

began to flash not user friendly message

Not sure what you mean by this. I know from personal use that you get a couple of messages about their commercial products, but they come up before and after the scan, they're not scary or anything and all have the x button.
Did you download it from ftp://ftp.drweb.com/pub/drweb/cureit/?

Now, about the rootkit.

Quote:

I tried the TDSS Killer and it found 23 threats in the Driver section

Dealing with rootkits is not for the novice and your situation looks quite severe, if those are real threats as Bo said. My best advice would be for you to post about your problem at one of the "special" forums, like BleepingComputer.com or Malwarebytes or Avast and wait for their help (read the stickies to follow the rules before posting, that way you'll get better help).

Good luck.