#41
Don't reset the BIOS. But do the following. Be sure to boot from DVD, so not from F8!!
BTW: what rootkit did you have? And how did you remove it?
TDSS rootkit?
If so:
C:\WINDOWS\system32\TDSSciou.dll - Win32/Agent.ODG trojan
C:\WINDOWS\system32\TDSSliqp.dll - Win32/Agent.OIK trojan
C:\WINDOWS\system32\TDSSnrse.dll - Win32/Agent.OIK trojan
C:\WINDOWS\system32\TDSSoeqh.dll - Win32/Agent.ODG trojan
C:\WINDOWS\system32\drivers\TDSSmhct.sys - Win32/Agent.ODG trojan
Code:
c:
cd \windows\system32
attrib -h -s tdss*.*
del tdss*.*
cd drivers
attrib -h -s tdss*.*
del tdss*.*
All gone? Now just to be sure you have correct MBR bootcode:
Code:
bootrec /fixboot
bootrec /fixmbr
Any strange startup items?
Code:
reg query HKLM\win7sys\Microsoft\Windows\CurrentVersion\Run
reg query HKLM\win7sys\Microsoft\Windows\CurrentVersion\Runonce
Code:
reg unload hklm\win7sys
Last edited by Kaktussoft; 02 Nov 2012 at 09:26.
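An added example, not from anyone in this thread, that does the same checks as the commands above from a recovery environment, but only reports and deletes nothing: it lists any tdss* files in System32 and drivers (including hidden/system ones) and dumps the Run/RunOnce entries of the offline hive. It assumes the infected install is on C: and its SOFTWARE hive has already been loaded as HKLM\win7sys (reg load HKLM\win7sys C:\Windows\System32\config\SOFTWARE); both the drive letter and hive name are parameters.

```powershell
# Added example: read-only check for TDSS leftovers and odd startup entries
# on an offline Windows install. Assumes the SOFTWARE hive of that install
# is loaded under HKLM\<HiveName> (e.g. reg load HKLM\win7sys C:\Windows\System32\config\SOFTWARE).
param(
    [string]$SystemDrive = 'C:',      # drive letter of the offline install
    [string]$HiveName    = 'win7sys'  # name the hive was loaded under
)

$findings = @()

# 1. Leftover TDSS files. -Force includes hidden/system files, which the
#    'attrib -h -s' step in the thread exists to expose.
$dirs = @("$SystemDrive\Windows\System32", "$SystemDrive\Windows\System32\drivers")
foreach ($dir in $dirs) {
    Get-ChildItem -Path $dir -Filter 'tdss*' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "file: $($_.FullName) [$($_.Attributes)]" }
}

# 2. Startup entries in the offline hive's Run / RunOnce keys.
foreach ($key in @('Run', 'RunOnce')) {
    $path = "HKLM:\$HiveName\Microsoft\Windows\CurrentVersion\$key"
    if (-not (Test-Path $path)) {
        $findings += "$key : key not present under HKLM\$HiveName (is the hive loaded?)"
        continue
    }
    $props = Get-ItemProperty -Path $path
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # Mark entries worth a closer look: TDSS names, or launch paths in
        # temp / profile folders, where legitimate autostarts rarely live.
        $tag = if ($cmd -match 'tdss|\\Temp\\|\\AppData\\|\\Users\\') { 'CHECK' } else { 'ok' }
        $findings += "$key [$tag] $($p.Name) = $cmd"
    }
}

if ($findings.Count -eq 0) { $findings += 'no tdss* files and no Run/RunOnce entries found' }
$findings | ForEach-Object { Write-Output $_ }
```

Run it from the recovery command prompt with powershell -ExecutionPolicy Bypass -File <script>.ps1; remember to reg unload the hive afterwards, as in the last line of the post above.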
Going to double check tomorrow, I need some sleep right about now. Thanks for all your help, I'll be back.
Or download Data Recovery | AVG Rescue CD | AVG Ireland. Download the ISO, burn it and boot from it. Scan for viruses. Anything found? Cleaned?
This is critical information to identify. Unless you can exactly identify it, you will often find that the best solution to get a 100% guarantee the system is clean is to perform a clean install after running DISKPART and CLEAN or CLEAN ALL.
I know it's not ideal, but it's the safest solution.
Regards,
Golden
OK, I will give you as much info on the rootkit as I can. I cannot remember its name or exact location. I am 100% sure it was removed, as it stopped affecting my computer. It was a Google redirect rootkit that made Google Chrome use 50+ CPU and would redirect many Google links in both Chrome and Firefox. I could not use TDSS as the process was killed on launch no matter what I renamed it to. So I used PC Tools root killer, I'm sorry I don't remember its exact name. I did try to run TDSS but it was never running long enough to do anything.
I searched System32 and drivers with "dir tdss*" and found nothing. I will try to find the exact name of the rootkit remover I used.
All AVG folders have been renamed with .save at the end.
OK, I'm doing #12 now. Earlier today I was running the AVG scan; it took an incredibly long time, but that was to be expected. However, it ended at 54% on a Java file with the message "Scan ended with unknown return code!"
#12: the first line worked but the others gave me "ERROR: The system was unable to find the specified registry key or value." I'm going to try them again as I may have stuffed it up somewhere somehow.