ws32.TDSS.rtk trojan....help needed

ahf

Hi All

Got this trojan on my Dell Vostro notebook and I can't get rid of it. I used Spybot, Superantiadware and McAfee, no luck.....I would appreciate your help/assistance please.
Thanks in advance.
 
Ok, did the system restore, unsuccessful....got a message back: disk failure during restore process.
 
You could also try scanning with an anti-rootkit scanner. But I think that Malware Bytes should pick up the nasties. Also, try ATF Cleaner (it's a utility that cleans up all the junk files on your PC quickly and easily), including caches from Mozilla and Opera. That might also be worth a look.
 
You can also try a-squared, works well.

When trying to get rid of a virus, it usually helps if you switch off system restore completely and clean all of your temp folders (use something like CCleaner or Wise Disk Cleaner)

You can also install WinPatrol which can show you all of the startup programs and services since viruses tend to add themselves to startup.

Hope this helps :)
 
MajorGeeks.com.
Go to the forums and see the sticky on how to sort this problem out. It will take an hour or two but you are guaranteed success.
 
Always when your system is infected, the first thing you should do is turn system restore off, and then clean out temp folders etc. (use disk cleanup and select all but the last option). Then, assuming your AV can detect the thing (else how did you know that it was that specific malware), run a full system scan that checks for spyware, viruses, rootkit, and does a memory scan. Once the scan has been completed, it is always a good idea to reboot the machine.

On a note regarding non-removal of malware - there are two things that could result in this, and they are generally related. Firstly, check the settings of your AV - most times settings are in place that prevent deletion of system files, which is what most malware these days disguise themselves as. Second, check that the files are not inside archives, as some AV products have issues removing specific files inside certain archives; others are a setting-related non-removal from archives.

On a final note - I haven't come across superAntiAdware product before - sounds like one of those XPAntiSpyware rogue products :p Which if it is (I'm too lazy to google right now) could be one of the causes of your problems... :D
 
I would've gone straight for my UBCD disk and had a go from a system that I can count on being clean, what with it booting off a CD and all :rolleyes: and sicced Super AntiSpyware on it; this usually works like a charm for me. If you have network access from there (and you should select it - it updates the SAS db) you can also GOOG for further info and edit the PC's registry from there too, should it come to that.
 
Thanks to all who gave advice. I will certainly try all of them and report back Sunday.
I was told to download and install Superantispyware and it killed a lot, however it did not get rid of this trojan. Here follows the link: http://www.superantispyware.com/
Malware did scan, however it just stopped scanning, so it seems that my problem is serious, and yes, I am considering backing up, formatting and re-installing Windows.
 
What exactly is this trojan/anti-virus doing?

I had one at the office the other day. McAfee couldn't do a thing about it. Malware stuff saw it, but could do nothing. It would recreate its file every time something tried to quarantine or delete it. Same for the startup entry. Deleting the entry manually, and immediately it would come back. It also hides itself in the task manager. However, it was dumb enough on recreating the file to not check the actual contents. I just replaced the file with a zero sized file (just copy over a zero size file or open the bugger in notepad and ctrl-A, DEL, ctrl-S it), rebooted and removed startup entry since the thing could now no longer run.

If this trojan you have is doing the same thing then find the related file and empty it, but don't delete it and reboot. That's if you don't have a CD-based solution and want to do it while Windows is running. And don't sit with the PC connected to the 'net while you're trying to clean it.
 
OK, tried most of the scanners listed by the group, however the only one that removed the trojan was HitmanPro; once the PC was rebooted the trojan was back.
The following error appears: "cannot create file" ; C\Windows\wininit.ini access denied
Any more suggestions before I format and re-install?
Thanks.
 
Formatted the drive and now busy installing windows again.
Many thanks to all who assisted and gave advice.
 