Removal of win32.TDSS.rtk



jwhatter
2009-03-21, 15:54
Hi,

I run Spybot every day as part of my PC wellness program. Thursday morning, Spybot alerted me to the presence of the win32.TDSS.rtk trojan.

1. Spybot wasn't able to remove it.
2. The subdirectory referenced in all of the messages stated it was under my user appdata/roaming/twain32
3. I ran Spybot as part of the reboot (I immediately rebooted). Spybot said it wasn't able to remove the trojan.
4. I rebooted in Safe mode and ran Spybot. It said it was able to remove the trojan.

Friday's Spybot scan came back with the same win32.TDSS.rtk trojan. I did the following:
1) ran Spybot on reboot - unable to remove the trojan
2) ran Spybot under Safe mode, it removed the trojan
3) ran Spybot after normal reboot, it detected the trojan
4) ran Spybot under Safe mode, it removed the trojan
5) ran Spybot after normal reboot, it detected the trojan

At this point I started searching for solutions without any success.

Do you have any suggestions?

Thank...
So it appears to be in a driver or something that's loaded

Shaba
2009-03-22, 12:23
Hello jwhatter

Please see this (http://forums.spybot.info/showthread.php?t=288) next

Please follow the instructions in the above thread and then start a fresh topic with the logs required.

Regards.