For the past few days, I’ve been trying to get rid of this thing. But after doing research, I’ve learned that this particular rootkit bypasses all the security by attaching itself to the MBR and changes boot settings during Windows 7 x64 boot. I was hoping to get help with removing this. Avast removes the files, but they just keep coming back. Is there any way to do a boot-time scan, or another program that can do a boot-time scan in Windows 7 x64? Any help is appreciated.
The current Beta can boot-scan in 64-bit. I would read the beta thread to see if any of the problems with it would make it worth it or not. Also, I do not know how well it could install or remove on an already infected system.
The forum’s resident Malware killer would be the other option.
Here is a link to his guide for starters: http://forum.avast.com/index.php?topic=53253.0
Hello gothicman02 and welcome to the forum.
-
We first need to know how is your machine acting? Are you being redirected to other sites, is Avast not working, can’t boot the machine normally, etc.
-
We do need you to run several diagnostic tests (MBAM and OTL) initially to see what exactly is going on with your machine before we can do any malware removal. Hopefully you have had a chance to review the information given to you in the previous post to provide the logs needed: http://forum.avast.com/index.php?topic=53253.0 - first post.
If you are unable to perform MBAM (due to the malware), then move on and perform OTL, which is more important.
Follow the directions for obtaining an MBAM log (make sure you update MBAM first) and the OTL logs (save the OTL logs as ANSI and not Unicode). When the OTL scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. Post the MBAM log and the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the OTL logs will be on your desktop) > Post).
I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily.
IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless absolutely necessary; use a different machine to check email, sync your phone, etc. This type of malware can be very aggressive.
Please do not make any further changes to your machine once you have provided the logs.
Let me know if you have any questions. Thank you.
If this is the TDL4 variant - then
Please read carefully and follow these steps.
1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop.
3. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
   http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
4. If an infected file is detected, the default action will be Cure; click on Continue.
   http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
5. If a suspicious file is detected, the default action will be Skip; click on Continue.
   http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
6. It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
7. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
8. If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
Or try GMER, a rootkit remover.
@ nsm0220,
The OP is now working with a Certified Malware Removal Expert and he/she is to follow his instructions only at this point. Thank you for your input, but please refrain from offering any while Essexboy does his work as this only confuses the OP. Thank you.
@ gothicman02,
I have referred you to a Certified Malware Removal Expert named Essexboy. He has given you instructions to follow. Please see his post. Thank you.