05-09-2010 08:22 PM
So much help! A little confusing though. So you are saying go to Bleeping Computer?
05-09-2010 09:14 PM
Just to let you know I posted on Bleeping Computer. I also tried to do the steps necessary for the logs but dds doesn't run and gmer reboots my machine.
05-09-2010 11:24 PM
Have you guys tried Trojan Hunter? It is very good at detecting trojans and rootkits. You can download it from the link below
05-10-2010 12:56 AM
SlamDunkley wrote: Have you guys tried Trojan Hunter? It is very good at detecting trojans and rootkits. You can download it from the link below
Trojan Hunter won't get TDL3/TDL4 (Backdoor.Tidserv). You can't just delete the files for these infections like other Malware that have their own files. So if the program detected patched files that are critical to Windows you would have to make sure you knew the program wouldn't delete the file(s) involved.
As found out a while ago, when Norton for a few people was rebooting the PC and deleting the TDL3-infected driver, that caused a BSOD.
Quads
05-10-2010 07:51 AM
I am still working with bleeping on this. If you want to follow along, the link is:
http://www.bleepingcomputer.com/forums/index.php?s
As of now it is still not resolved.
05-10-2010 12:56 PM
If it's TDL4 (Gen4), TDSSkiller, the last time I tested, detects the disk controller and restarts the PC, but it can't clean the PC of TDL4; the driver is detected again and again...
This is due to the infected randomly selected Windows Driver that TDSSkiller does not detect.
Quads
05-10-2010 01:03 PM
So is there no solution then? Bleeping had me run a bunch of things (FixEXE, Rkill, TDSSKiller, MBAM, and ESET). Now they are asking me to run dds.scr, which won't run on my computer, and GMER, which doesn't finish. I am about at wit's end.
05-10-2010 01:10 PM
"...the driver is detected again and again.."
Can't an infected driver be halted & removed in Device Manager, and let Windows find a good one?
05-10-2010 03:00 PM - edited 05-10-2010 03:12 PM
Luu777 wrote: So is there no solution then? Bleeping had me run a bunch of things (FixEXE, Rkill, TDSSKiller, MBAM, and ESET). Now they are asking me to run dds.scr, which won't run on my computer, and GMER, which doesn't finish. I am about at wit's end.
They will get there; they generally try safer programs first. Combofix is further down the list.
I have just tested a different TDL4 from the Malwarebytes Malware Researchers, and the file infected was randomly selected (dmio.sys). TDSSkiller could not detect anything, not even the disk controller. Nothing.
And Combofix gave an error near the end of its run.
I found a couple of times with TDL4, GMER crashes or restarts the PC when scanning the Device section.
Quads
05-10-2010 03:09 PM
brownfox wrote: "...the driver is detected again and again.."
Can't an infected driver be halted & removed in Device Manager, and let Windows find a good one?
You can't stop drivers that are required by Windows. With TDL3 that is the case; with TDL4, you could be lucky that it selects a driver that won't be in use if you go into Safe Mode.
It can be interesting enough to detect which driver was chosen with TDL4.
"Can't an infected driver be halted & removed in Device Manager, and let Windows find a good one?" That's what happens when people don't understand Windows or a Malware group, but that's OK.
Quads
