26th February
2009
written by spencer

I’ve just finished eradicating the Trojan.TDSS rootkit from a client’s XP machine - what a pain.

Originally the machine was running McAfee but was running incredibly slowly. Replacing it with AVG Free made things a bit quicker but other things then started going wrong.

The browsers were not redirecting properly and some Blue Screens of Death were occurring. The final straw was a failure to boot up properly - some hours wasted trying out different msconfig settings before finding the ‘root’ cause.

Upon running Malwarebytes mbam the trojan was detected, but it took a few renamings of the binaries to get it to run and update.

The final fix was:

1. Safe mode - run mbam (renamed)

2. Run combofix

3. Run SDFix

4. Reboot again and re-run mbam.

5. Update AVG and run full check

6. Install Superantispyware and run

7. Run Spybot search and destroy and install tea-timer.

Hopefully that will stop it happening again - one very happy client, although I did recommend they get all their online banking, paypal and email passwords changed…