Topic: Wiz - Rootkit.TDSS
Bent Romnes
From: London,Ontario, Canada
Posted 10 Dec 2010 7:09 pm
Wiz, it looks like I am having some ongoing problems here.
I did some of the stuff that you recommended and the PC seemed to run ok once more. The last couple of days things have been acting strangely again. The computer started resetting all on its own. It would re-start automatically for no apparent reason. I read up on it a bit and found it could be caused by the BSoD. Thing is, I haven't been getting the blue screen before and during shutdown or start-up.
All this afternoon I have been getting virus alerts from AVG, alerting me to the Agent2.BXCT virus. AVG says it is unable to remove it and the only option is to let AVG place it in quarantine.
Just now, MBAM found the rootkit.TDSS trojan again, same as what I wrote about a few days ago. It was also placed in quarantine.
Am I safe from these threats now, by having put them in quarantine? Is there any reason why I shouldn't remove these manually? (delete quarantined items)
The last 3 hours, the computer has not been re-setting itself. I can't explain why. But these resets are random, ranging from a minute to an hour, but never 3 hours. Has the problem somehow corrected itself?
Oops, just now AVG informs me that it found a Trojan Horse Agent2.BXCT. That's the same one that has been detected several times this afternoon.
I did clean my fans, heatsinks etc and re-set the RAM modules.
I also restored defaults on the Windows Firewall.
I also tried to do a system restore. I attempted many different restore points but every time windows informed me that it could not restore to the date I requested. Seems like it is locked or something.
Am I totally infected here? Would the best way be to do a format and re-install? I hate to go to all that trouble, but will if there seems no way out of this mess.
_________________
BenRom Pedal Steel Guitars
https://www.facebook.com/groups/212050572323614/
Wiz Feinberg
From: Mid-Michigan, USA
Posted 10 Dec 2010 10:26 pm
Bent;
There are only two options for you to consider, after everything you've already done.
1: Go to a malware removal forum and post a request for personal assistance.
2: Reformat and reinstall everything.
If you opt for #1, try working it out at the Bleeping Computers forum first. Read the instructions, sign up and post a request for help. List everything listed in the basic instructions, then wait until a volunteer answers your request. Stick with this person and follow his or her instructions to the letter. Do nothing that is not asked of you and do not interject your problem into anybody else's topics. Only do what you are told to do. Do not read other people's problems or try their solutions. It will make matters worse for you.
If you reformat you will kill any MBR infectors that might be lurking, such as the Mebroot rootkit. You will also have to re-register/activate all commercial programs, including Windows itself.
If it was me, I would head to Bleeping Computers, or the Malwarebytes' forums.
Note, that Bleeping Computers malware removal experts may have you scan with MBAM, among numerous other tools, including Rkill, written by Grinler, a deity of Bleeping Computers. If you are asked to use Rkill and ComboFix, pay close attention to the instructions. Prepare to use HijackThis multiple times and post a log each time. Special tools may even be created just for you.
I use these tools on personal service calls, each of which is different than any others. The tools required for any fight may vary from those used to fix other computers.
The purpose of a rootkit is to hide nefarious behavior from your sight. Usually, this bad behavior involves Bots that send spam and launch attacks against designated targets. The fact that MBAM has identified the TDSS Rootkit on your computer is evidence that your PC may be a member of a criminal Botnet. At this moment, a cyber war is being waged between rival Botnets, over the WikiLeaks website and the various companies that have cut them off. A Bot infested PC might send spam today and attack Mastercard, Visa, PandaLabs, Amazon and PayPal tomorrow.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services
Bent Romnes
From: London,Ontario, Canada
Cal Sharp
From: the farm in Kornfield Kounty, TN
Posted 11 Dec 2010 1:37 pm
Heya Wiz,
If Bent re-installed, could he be sure that his personal data - pictures, emails etc. that were backed up to some other location - weren't infected with something?
_________________
C#
Me: Steel Guitar Madness
Latest ebook: Steel Guitar Insanity
Custom Made Covers for Steel Guitars & Amps at Sharp Covers Nashville
Wiz Feinberg
From: Mid-Michigan, USA
Posted 11 Dec 2010 2:02 pm
Bent Romnes wrote:
    Wiz, thanks. I went for #1...signed up with Bleeping computers and am now waiting for a reply to my first post
This is a wise choice, Bent. They have a strong rate of success, as long as you follow the instructions to the letter.
Good hunting! Let us know how it turns out and what tools it required to eradicate the TDSS pest.
Bent Romnes
From: London,Ontario, Canada
Posted 12 Dec 2010 6:16 pm
Wiz Feinberg wrote:
    Good hunting! Let us know how it turns out and what tools it required to eradicate the TDSS pest.
Wiz, will do.
Also, Cal had a pertinent question there I believe.
Could I be really sure? Would be nice to know...
Wiz Feinberg
From: Mid-Michigan, USA
Posted 12 Dec 2010 8:04 pm
Bent Romnes wrote:
    Wiz Feinberg wrote:
        Good hunting! Let us know how it turns out and what tools it required to eradicate the TDSS pest.
    Wiz, will do.
    Also, Cal had a pertinent question there I believe.
    Could I be really sure? Would be nice to know...
The answer is no; you can't be sure. Only a total reinstallation, preceded by a full reformatting, preferably on a new hard drive, will ensure a clean system. Then lock it up tighter than Troy! Watch out for those Greeks bearing gift horses!