Win32.TDSS.rtk Help! (Resolved)
Please help!
My home computer has been attacked by Win32.TDSS.rtk and I do not have the know-how to get rid of it. I have run Spybot S&D several times and it picks up 5 or 6 TrojansC entries that always come back when I try to fix the selected problems. I have only average computer knowledge and need a professional to help me through this. I have read many of the other posts regarding this same issue, each saying do not try this at home, this issue requires individual attention, so here I am, asking for individual attention. Spybot shows the following set up in a drop down fashion after I scan:
Win32.TDSS.rtk
(SBI $1473B578) File
C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
(SBI $5CC20873) File
C:\WINDOWS\system32\geyekrpwlgmaeo.dll
(SBI $5CC200873) File
C:\WINDOWS\system32\geyekrwqdgxgnm.dll
(SBI $E9F5D25E) File
C:\WINDOWS\temp\geyekrwdqppxgban.tmp
(SBI $0419F0A4) File
C:\WINDOWS\system32\geyekrwittgyus.dat
(SBI $0419F0A4) File
C:\WINDOWS\system32\geyekrxunbjivh.dat
I don't know much about what kind of logs you might need or how to acquire them, so I appreciate your patience in helping me out. One question I have about the eradication process is should I attempt to back up my documents, photos, and music before downloading any programs to kill this virus or would that just endanger my computer again, after it's fixed? Will the process even affect these types of files? Does it involve a complete wipe? Thanks for your answers and help in advance. I wish I was as techno-savvy as all of you, but since I'm clearly not, thanks again!
Kylie
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.40
Database version: 2575
Windows 5.1.2600 Service Pack 3
8/7/2009 5:05:11 PM
mbam-log-2009-08-07 (17-05-11).txt
Scan type: Full Scan (C:\|D:\|G:\|L:\|M:\|)
Objects scanned: 262274
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrpwlgmaeo.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrwqdgxgnm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028481.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028482.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
Computer seems to be doing better; it didn't show all of the crazy disappearing command boxes when it first starts Windows like it usually does. I'll keep playing with the programs and functions I had been having trouble with and let you know. Thank you SO MUCH! Let me know what follow-up information you might need and when I can restart Spybot TeaTimer (I think that was the major thing you said to wait for clearance before restarting).