Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Google redirect virus, need alternative to TDSSKILLER
Google redirect virus, need alternative to TDSSKILLER - Page 2

post #11 of 18
Pulling the drive and scanning it on another machine with Malwarebytes is probably your best bet, but even that can only go so far. HijackThis is only good for certain things, and you shouldn't even be considering it right now before you have actually cleaned out the rootkit, since that is what it looks like.

You may have a revision of TDL3, which does some really freaky stuff like setting up encrypted sectors so normal antivirus programs won't even see them. You are probably going to need to do a ComboFix run. I have seen OSes get bricked by using it, so you should have a complete system image backed up in case the worst happens.

Good luck.
post #12 of 18
Quote:
Originally Posted by lucido View Post
Hijackthis generates reports, It doesn't directly remove malware.
Just post the report here and I'll show you how it removes them.
post #13 of 18
Quote:
Originally Posted by PhillyOverclocker View Post
Pulling the drive and scanning it on another machine with Malwarebytes is probably your best bet, but even that can only go so far. HijackThis is only good for certain things, and you shouldn't even be considering it right now before you have actually cleaned out the rootkit, since that is what it looks like.

You may have a revision of TDL3, which does some really freaky stuff like setting up encrypted sectors so normal antivirus programs won't even see them. You are probably going to need to do a ComboFix run. I have seen OSes get bricked by using it, so you should have a complete system image backed up in case the worst happens.

Good luck.
This.

And it probably just edited your hosts file with a redirect. Check it.

(Depending on your OS, it should be in C:\Windows\System32\Drivers\Etc\Hosts.)

Open it up with Notepad and see if there is an entry related to Google Search.

But make sure you scan with AV software too.
post #14 of 18
Quote:
Originally Posted by Rockin Z28 View Post
this virus is beating my computers ass big time..and TDSSKiller won't run..it extracts everything but it wont initialize..is there an alternative program that can kill this virus as well (malwarebytes is useless vs this thing)
I had the same problem. I'm not an expert but came up with this workaround. I eventually got TDSSKiller to run by changing the version info of the exe, removing any reference to Kaspersky or TDSSKiller. I used a product called Resource Tuner (restuner.com) to change the CompanyName, LegalCopyright, LegalTrademarks, ProductName, FileDescription, InternalName, and OriginalFilename to something else, so that the virus would not prevent TDSSKiller from running. TDSSKiller (renamed file) was then able to run and removed the rootkit.
post #15 of 18
Why not just run Goored Fix?
http://jpshortstuff.247fixes.com/GooredFix.exe

Removed
post #16 of 18
Beat my ass for 5 days. I found that a row of numbers in my hosts file was missing. When I changed those numbers, I ran TDSSKiller and it found the rootkill32 virus and it worked (Google redirect). Your hosts file should be:
127.0.0.1 localhost
::1 localhost
To change host file go here
http://geekswithblogs.net/thibbard/a...leinvista.aspx
Also go through this part(proxy server unchecked)
First site to look at.
http://deletemalware.blogspot.com/20...ect-virus.html
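Posts #13 and #16 both come down to the same check: open the hosts file and look for entries that either point a search engine somewhere other than where it belongs or are simply not what a clean file carries. Eyeballing it in Notepad is error-prone, since a redirect entry can sit below hundreds of blank lines or behind a misleading comment, so the following is an added example (not code from this thread or from any of the tools named in it) that parses the whole file and reports what a practitioner would want to know. It assumes the standard Windows path for the hosts file; the list of watched domains and the tampered sample file are constructed for illustration and are not a real capture.

```python
"""Audit a Windows hosts file for redirect-style tampering.

Added example, not part of the original thread.  Assumptions: the hosts file
lives at the standard Windows path below, and WATCH_SUFFIXES is a constructed,
non-exhaustive list of domains a redirect infection typically hijacks.
"""
import ipaddress
from dataclasses import dataclass, field

DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed list: search engines and security vendors worth flagging even
# when they are merely blackholed to loopback (blocks AV updates/downloads).
WATCH_SUFFIXES = ("google.com", "google.co.uk", "bing.com", "yahoo.com",
                  "malwarebytes.org", "kaspersky.com", "microsoft.com")

# The two lines post #16 expects a clean hosts file to carry.
EXPECTED_LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class HostsAudit:
    entries: list = field(default_factory=list)          # (ip, name, line_no)
    findings: list = field(default_factory=list)         # (line_no, message)
    missing_localhost: list = field(default_factory=list)


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping, comments stripped."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing/full-line comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            yield ("<invalid>", " ".join(parts), no)
            continue
        for name in names:
            yield (ip, name.lower(), no)


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCH_SUFFIXES)


def audit_hosts(text):
    """Flag redirects to remote hosts and blackholing of watched domains."""
    result = HostsAudit()
    for ip, name, no in parse_hosts(text):
        result.entries.append((ip, name, no))
        if ip == "<invalid>":
            result.findings.append((no, f"unparseable line: {name}"))
            continue
        if name == "localhost":
            continue
        addr = ipaddress.ip_address(ip)
        local = addr.is_loopback or addr.is_unspecified   # 127.x / ::1 / 0.0.0.0
        if not local:
            # Any hostname sent to a real address is a redirect candidate.
            result.findings.append((no, f"{name} redirected to {ip}"))
        elif _watched(name):
            # Loopback mappings are normal for ad-block lists, but not for
            # search engines or AV vendors.
            result.findings.append((no, f"{name} blackholed to {ip}"))
    present = {(ip, name) for ip, name, _ in result.entries}
    result.missing_localhost = sorted(EXPECTED_LOCALHOST - present)
    return result


def audit_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Read the real hosts file (BOM-tolerant) and audit it."""
    with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample resembling a tampered Windows 7 hosts file (not a real capture).
SAMPLE_TAMPERED = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1 localhost


203.0.113.45 www.google.com
203.0.113.45 google.com
127.0.0.1 www.malwarebytes.org
"""

if __name__ == "__main__":
    import sys
    report = audit_hosts_file(sys.argv[1]) if len(sys.argv) > 1 else audit_hosts(SAMPLE_TAMPERED)
    for no, msg in report.findings:
        print(f"line {no}: {msg}")
    for ip, name in report.missing_localhost:
        print(f"missing expected entry: {ip} {name}")
```

Run it with no argument to see the constructed sample flagged (two redirects of Google to a remote address, one blackholed security vendor, and a missing `::1 localhost` line), or pass the real path to audit the live file. One caveat on the "missing" check: Windows 7's default hosts file ships with both localhost lines commented out because the DNS client resolves localhost itself, so on that OS treat a missing entry as informational and the redirect findings as the real signal.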
post #17 of 18
In the future remember that 64-bit OS is more resistant to rootkits than 32-bit OS.
    
CPUMotherboardGraphicsRAM
Zilog Z80 @ 4MHz Coleco Adam Motherboard 16 KB / 16 colors / 32 sprites (on-board) 64K 
Hard DriveOptical DriveOSMonitor
Coleco Digital Data Cassette Coleco Digital Data Cassette CP/M, BASIC (on tape) CRT Television 
PowerCase
Built into printer Plays All Coleco Cartridges 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Zilog Z80 @ 4MHz Coleco Adam Motherboard 16 KB / 16 colors / 32 sprites (on-board) 64K 
Hard DriveOptical DriveOSMonitor
Coleco Digital Data Cassette Coleco Digital Data Cassette CP/M, BASIC (on tape) CRT Television 
PowerCase
Built into printer Plays All Coleco Cartridges 
  hide details  
Reply
post #18 of 18
Quote:
Originally Posted by Majestic_Lizard View Post
In the future remember that 64-bit OS is more resistant to rootkits than 32-bit OS.
Because it doesn't allow unsigned drivers. The TDL4 rootkit is designed to bypass the Windows kernel-mode code signing policy on 64-bit systems.