omg, !@#$*^ trojan!

Zenphic · 25th Nov 2008, 11:41 AM

Seriously, this hasn't been my week. I booted my PC this morning and I got a warning from Avira Antivir that it detected a trojan. It was located under System32 and it was called TDSSntlv.dl and caused problems like not being able to run some software and bluescreens...

Whenever I tried deleting/quarantining/ignoring/denying access, a new warning would pop up moments later with the same problem.

I navigated to System32 and I tried to look for the file itself, thinking that maybe Avira wasn't deleting it properly. I made sure that Explorer was set to show all files and, omg, I couldn't see it! Ran a full virus scan with Antivir and it didn't pick anything up. I ran other spyware software and they didn't pick anything up or would crash whenever I tried running it in safeboot.

Finally, got frustrated and pulled out the HDD, put it into an enclosure and got my laptop to scan it. I explored the HDD and I could finally see the TDSSntlv.dl file. Running the scan right now and it picked up a few TDSS***.dll files. Hopefully it fixed it...

starboykb · 25th Nov 2008, 11:53 AM

you should tried using Combofix to do the cleaning and see if it helps.

PsYkHoTiK · 25th Nov 2008, 12:04 PM

Make sure your System restore is turned off before you clean/scan.

lee_what2004 · 25th Nov 2008, 01:06 PM

sysinternal task manager to kill the process
and hijackthis to diagnose
and unlocker to delete

Chai · 25th Nov 2008, 01:59 PM

Taking out the HDD and connect it to another PC is the best way to clean it.

Adrian Wong · 25th Nov 2008, 09:15 PM

Quote:

Originally Posted by Chai

Taking out the HDD and connect it to another PC is the best way to clean it.

Yeah, that's actually much easier than cleaning the drive using the same system.

karhoe · 25th Nov 2008, 10:11 PM

Did you set the option to 'show system protected files?'

lee_what2004 · 25th Nov 2008, 10:43 PM

Quote:

Originally Posted by Adrian Wong

Yeah, that's actually much easier than cleaning the drive using the same system.

that's applicable only if you got spare system to do it

Adrian Wong · 25th Nov 2008, 11:08 PM

Quote:

Originally Posted by lee_what2004

that's applicable only if you got spare system to do it

That's true... or well, a friend who has a computer.

Chai · 26th Nov 2008, 01:20 AM

I think most people have more than 1 PC at home now.

25th Nov 2008, 11:41 AM	#1 (permalink)
Zenphic Super Active Join Date: 23 Apr 2006 Location: Quebec, Canada Posts: 1,098 Reputation: 467 Rep Power: 9	*omg, !@#$^ trojan! Seriously, this hasn't been my week. I booted my PC this morning and I got a warning from Avira Antivir that it detected a trojan. It was located under System32 and it was called TDSSntlv.dl and caused problems like not being able to run some software and bluescreens... Whenever I tried deleting/quarantining/ignoring/denying access, a new warning would pop up moments later with the same problem. I navigated to System32 and I tried to look for the file itself, thinking that maybe Avira wasn't deleting it properly. I made sure that Explorer was set to show all files and, omg, I couldn't see it! Ran a full virus scan with Antivir and it didn't pick anything up. I ran other spyware software and they didn't pick anything up or would crash whenever I tried running it in safeboot. Finally, got frustrated and pulled out the HDD, put it into an enclosure and got my laptop to scan it. I explored the HDD and I could finally see the TDSSntlv.dl file. Running the scan right now and it picked up a few TDSS*.dll files. Hopefully it fixed it... __________________ E2160 @ 1.8Ghz (0.95V) \| XFX 650i Ultra \| 2x1GB Crucial Ballistix DDR2-800 \| Gigabyte GeForce 6600 \| Hitachi Desktar T7K250 250GB \| CM Mystique 632 \| 2x Noctua NF-S12 800RPM \| CM RPP 550W

25th Nov 2008, 12:04 PM	#3 (permalink)
PsYkHoTiK "Little" Devil Join Date: 8 Apr 2004 Location: On the "throne" Posts: 14,661 Reputation: 4442 Rep Power: 64	Make sure your System restore is turned off before you clean/scan. __________________ Intel SLAPL 4.3GHz @ 1.35v : 2x2GB OCZ Platinum DDR2 1066 : Asus P5K Premium : WD RE3 250GB x2 RAID 0 : 3ware 9650SE-2LP : G92 8800GTS 512mb 820MHz Core : XFi Platinum : Silverstone OP650 : Silverstone TJ-07 : Dtek FuZion CPU : Swiftech MCW60 : MCP655 : Thermochill PA120.3 w Scythe Ultra Kaze CPU-Z: SLAPL : SLA9U : FX-55 : DDR 600 : VX www.techarp.com PsYkHoTiK's Meanderings

25th Nov 2008, 01:06 PM	#4 (permalink)
lee_what2004 Super Active Join Date: 28 Dec 2007 Location: Melaka Posts: 1,313 Reputation: 1106 Rep Power: 14	sysinternal task manager to kill the process and hijackthis to diagnose and unlocker to delete __________________ Once a wise-man said : Chapter 1: Don't ever compare if you want to stay constant..... Chapter 2: Whatever you have done in the internet, you will never get away from it... Chapter 3:To be continued after I thought another one

25th Nov 2008, 01:59 PM	#5 (permalink)
Chai Administrator Join Date: 6 Oct 2002 Location: Maranello Posts: 27,884 Reputation: 4630 Rep Power: 81	Taking out the HDD and connect it to another PC is the best way to clean it. __________________ Chai (Contributor & Forum Admin) http://www.techarp.com/

25th Nov 2008, 10:11 PM	#7 (permalink)
karhoe Active Join Date: 29 Nov 2006 Posts: 599 Reputation: 11 Rep Power: 3	Did you set the option to 'show system protected files?' __________________ My Blog SPM Timetable 2009

25th Nov 2008, 11:53 AM	#2 (permalink)
starboykb Getting there Join Date: 6 Oct 2008 Location: Brunei earth Posts: 158 Reputation: 0 Rep Power: 2	you should tried using Combofix to do the cleaning and see if it helps.

26th Nov 2008, 01:20 AM	#10 (permalink)
Chai Administrator Join Date: 6 Oct 2002 Location: Maranello Posts: 27,884 Reputation: 4630 Rep Power: 81	I think most people have more than 1 PC at home now. __________________ Chai (Contributor & Forum Admin) http://www.techarp.com/