Pc Fixed Right
I have a client's PC in front of me with rootkit.win32.tdss.tdl4, and I am having trouble removing it.
The PC only has 1 profile and is Windows XP Pro. System Restore is disabled.
So far I have tried the following.
Rkill to kill the process (nothing found except for Rkill)
Software-based tools were tried first:
F-Secure: no results
Stinger: no results
TDSSKiller: finds it and cures it, but it comes back (System Restore is disabled)
BlackLight: no results
ESET: finds it as (Eolmarik) but cannot fix it, so I downloaded the separate scanner, the Eolmarik removal tool (it cannot find it), so no results
ComboFix: finds the rootkit(s) and removes them, but it is still present
Manual removal
Removed the following files:
system32\UACdfqsytqwwyfllri.dll
system32\UACsnbfuyfvmevqlyg.dll
and the registry keys associated with them, or at least I think I did, but it has come back.
I will go through the manual process again; maybe I missed a key. Any help would be appreciated, thanks.