• Status: Solved
  • Priority: Medium
  • Security: Public

Rootkit Blocking TDSSKiller From Running

I am working on removing a virus from a client's PC. I have so far run ComboFix twice and RKill/Malwarebytes once. In all three cases, viruses were found and dealt with. However, when I attempt to run TDSSKiller to check for a rootkit, it will not run. There is no error message or anything; it simply does not execute.

I have tried re-downloading TDSSKiller and renaming it but it still is unsuccessful. I have also entered the Device Manager and checked for the presence of a TDSS Driver. I found nothing. An excellent post on this site (If You Can't Run .exes in an Infected System) mentioned that I should post a question in the Virus and Spyware forum.

Any help would be greatly appreciated. Thank you in advance!
2 Solutions
Lior Karasenti Commented:
Your best option at this point is to reinstall the OS.

Some rootkits can penetrate so deep into the OS that they can NOT be removed.
Burn DrWeb LiveCD from here http://www.freedrweb.com/livecd/?lng=en
Then boot your computer from the CD and let it scan.

It could take a few hours to do a full scan.
jgretsch (Author) Commented:
@liorkr: I understand. I figured that might be my only play, but was hoping not to have to do that as this particular PC has numerous programs on it that the client no longer has the software disks for. Thank you for your timely response though.

jgretsch (Author) Commented:
@ABCStore: I will give that a try. I am definitely willing to exhaust any and all options before taking the route of a full system reload. Thank you for the advice.
Before giving up, try one of the rogue process stoppers before doing your scans. There are three top-flight ones mentioned in these EE Articles, plus some other steps you should take:

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
jgretsch (Author) Commented:
@younghv: I will definitely try these. Right now, I am in the process of the full scan with the DrWeb Live CD that was mentioned above by ABCStore. If that scan does not detect the rootkit then I will move on to those two links you posted. Thank you!
Please make sure you fire more than one weapon at that thing - always better to have multiple scans.

TDSSKiller is a great tool and RogueKiller will check for rootkits also. Please use the EE "Attach" function to post the logs from any scanners that you run and we can take a look at them for you.
Thomas Zucker-Scharff, Systems Analyst, Commented:
If you want a look at more anti-rootkit tools, see my article on rootkits and free anti-rootkit tools reviews. As younghv said, you need to run a few tools on this (I always suggest at least 3 anti-rootkit tools and then a deep scan with MBAM).

Thank you for closing this up promptly and I hope you were successful in removing all traces of the rootkit.

With that said, we really do like to see the logs of scanners to view the results, and 'tzucker' has done a lot of work with rootkits if you need more help.

Please post back if you still need any help.
