Why can't I remove Win32.TDSS.rtk Trojan?



maybush1
2009-02-03, 04:57
Hi all,

I have been trying to remove a Trojan horse (Win32.TDSS.rtk) for some time now without success. I have tried many antivirus/antispyware programs and the only one that seems to pick it up is Spybot.

However, Spybot cannot remove it. When I try, it gives a message saying:

"Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).
This could be fixed after a restart.
May Spybot S&D run on your next system startup? YES/NO"

- I've tried restarting and rerunning the scan. Spybot finds it again...and again cannot remove it.

- I've tried running Spybot in Safe Mode, but Spybot does not find the virus in those cases.

What can I do to remove this problem???

Thanks for any help,

Frank

Blade81
2009-02-07, 14:00
Hi Frank,

Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here.

Blade81
2009-02-12, 11:20
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.