Computer virus is frustrating

[Tenor CS]

I also like to use a linux live cd (my favorite is puppy linux) to boot up your computer to at least be able to copy all of your files to an external drive so you don't lose everything.

[bvilchez]

Quote:

Originally Posted by Tenor CS

I also like to use a linux live cd (my favorite is puppy linux) to boot up your computer to at least be able to copy all of your files to an external drive so you don't lose everything.

Already done....that was the first thing I did last night.

[Ashcan Bill]

If the name of the virus/scam is Antispy-Soft, it's a widespread problem.

Do a search on your hard drive and see if you come up with any files named "tssd". If you do, you have the Antispy-Soft malware on your computer.

There is a manual way to delete it, but the various anti-virus programs probably won't touch it. Trust me, I know.

[D_A]

Quote:

Originally Posted by bvilchez

Already done....that was the first thing I did last night.

If you've gotten the files you want off and you already intended to upgrade at some point, i would just format the drive and do a fresh install of the new OS.

[wayner123]

Quote:

Originally Posted by D_A

If you've gotten the files you want off and you already intended to upgrade at some point, i would just format the drive and do a fresh install of the new OS.

I hate to say this, but if you got one of the new TDL4 or TDSS rootkits, go ahead and reformat your hard drive. There are ways to check if you have this. Malewarebytes, bleepingcomputer and kaspersky all have great forums to help out with the problem.

The new version of the TDSS rootkits are unable to be removed or quarantined. No software company has come up with a solution yet. I had this problem a few weeks ago now and got the newest tdl4 version of the rootkit. After many days and hours of research I ran across some hacking websites. They were discussing these new rootkits and how they act. To sum it up, when the guys who get paid to hack can't figure out "how" the rootkit is even reacting, it's time to re-format.

Here's a great write up on the TDL3:

http://rootbiez.blogspot.com/2009/11...-lets-put.html

That was 2 revisions ago, and the latest ones are 10x worse. The secretly log and report any credit card numbers, bank account information, etc.

[Ashcan Bill]

Quote:

Originally Posted by wayner123

I hate to say this, but if you got one of the new TDL4 or TDSS rootkits, go ahead and reformat your hard drive. There are ways to check if you have this. Malewarebytes, bleepingcomputer and kaspersky all have great forums to help out with the problem.

The new version of the TDSS rootkits are unable to be removed or quarantined. No software company has come up with a solution yet. I had this problem a few weeks ago now and got the newest tdl4 version of the rootkit. After many days and hours of research I ran across some hacking websites. They were discussing these new rootkits and how they act. To sum it up, when the guys who get paid to hack can't figure out "how" the rootkit is even reacting, it's time to re-format.

Here's a great write up on the TDL3:

http://rootbiez.blogspot.com/2009/11...-lets-put.html

That was 2 revisions ago, and the latest ones are 10x worse. The secretly log and report any credit card numbers, bank account information, etc.

I didn't know there were new versions out. The one I dealt with a while back required some file deletions and registry edits, but I managed to disable it. Sounds like the bad guys are getting badder.

I was lucky in that the first time it tried to "call home", Zonealarm caught it and asked me for permission to let it out through the firewall. I didn't recognize the program, so I denied permission, then discovered how badly I was infected, and eventually got things cleaned up. I suspect I still have some of the code somewhere, but I killed the executable commands. Nasty bugger.