roland67

Roland redirected


Just booting to CD or USB won't do the job; you have to know what to fix once you're there, and Bleeping Computer can help you with that. Anyway, you need to have (1) a bootable USB drive (it has an operating system on it that's set up to boot directly from the removable drive), (2) a computer that supports booting from USB, and (3) your computer's boot order in the BIOS set to try to boot from USB first. Taking those points in order:

1. Most Linux versions can be used this way, but you might as well have software meant specifically for repair/cleanup jobs, like Ultimate Boot CD. From that site you can download the file to create your own boot CD or USB stick, and they have links to where you can buy one cheap (not all USB sticks support making them bootable).

UBCD uses a Linux environment, but you can work on your Windows install from it. You'll see a link there to a version that uses Windows, called UBCD4Win, but that's quite a bit more trouble; you can't get it ready-to-install or pre-installed, since that would be pirating Windows. Instead, the program has to copy files from a Win XP installation CD. It's great, I've got it on CD, but it's a lot of extra work you don't need right now.

2. Any computer newer than about 2001 should support booting from USB; a boot CD will work even on older machines. Anything new enough to have a CD drive, that is.

3. See How To Boot your Computer from a Bootable USB Device. The same instructions apply to booting from CD/DVD; you just select that drive in the BIOS configuration utility.

A boot disk or USB stick is invaluable when malware or software problems stop your computer from booting; it can save you having to take it in to the shop. I recommend always keeping one on hand.


So what all is the problem as of this time? I finally have some spare free time while I have to wait for parts to repair a few machines.


I have the XP Pro boot disc now, so I will try to get onto my PC with that when I am off work. Is there a specific link at Bleeping Computer dealing with the TDSS rootkit? Also, how do I figure out if it really is the rootkit?


Bleeping Computer doesn't have a removal guide for the TDSS rootkit, sorry. What you'd have to do there would be register, post the description of your problem on the appropriate forum, then wait for one of their experts to reply. Could take days before they get to you.

Tarun, who is also an expert, is offering to help right now (in the post above your last one). Also, it's his site; very rude to ignore him :P. He's asking for the details - you say the computer won't reboot since the update; what exactly happens when you try?

XP computers failing to boot after the recent Windows update is a widely-reported symptom of the TDSS (AKA TDL3 or TIDSERVE) rootkit. Unless you just happened to suffer a hardware failure at that particular moment, it's a pretty safe bet that's what you've got.


I'm wondering if it's just leftovers of the infection sticking with Firefox? I have seen that before. It's easy to fix too. Just backup your favorites and jot down your addons, then uninstall, delete your profile(s) and reinstall Firefox once there's no leftovers.

Though I am wondering if there's still signs of infections, and why MBAM didn't get it.


Hi Tarun,

I have not yet had a chance to try to boot up with the XP Pro disc. As of now the PC will go to the screen where you can choose from safe mode, last known config, countdown to Windows startup, etc. No matter what I choose there, the screen blacks out for a few seconds and then returns to the Windows countdown screen. There was a Windows update the night before the PC would not boot up. A friend suggests that if I can get it to boot, I should get everything off that I need and reformat the hard drive twice. He thinks that should get rid of TDSS. What do you think? I guess there is not much to say until I determine if I can get my machine booted.

Regarding my chastisement by Mr. Greenknight above, I did not mean to ignore you or be rude. Just a little spaced out after two weeks of trying to fix the worst PC problem I have ever been faced with. I love your site. I adore the antimalware toolkit. You guys rock!


One of the best and surefire ways to ensure an infection is gone is, unfortunately, a format.

If you feel that it would be in your best interests to format, go ahead. Especially after two weeks. I would recommend that you also look into two options. Burning SP3 to another disc, and to make use of this: http://www.wsusoffline.net/


Yeah, reformatting might be best. Get everything cleaned out at a stroke, get a clean system.

I do think this is a TDL3 (latest variant of TDSS) infection, though - the Google redirects, failure to boot after the update, it all fits. The malware has a rootkit component and a trojan downloader component, no telling how much other bad stuff it's installed on your computer.

For anybody who has this problem and wants to avoid a reformat, I found removal instructions from Kaspersky using their free TDSS removal tool, which also tell how to identify the rootkit using GMER.


Do you happen to know what bluebirds.exe is?

Do you happen to have an LG Electronics optical drive? Apparently some adware is being installed along with the drive.

See Here for a discussion regarding bluebirds.exe on a specific LG drive.

Here is the link to LG Product Support; you will see the Search For Another Model link at the top of the page to search for your particular drive - assuming you have an LG drive which is causing bluebirds.exe to show up.

BTW, when testing the links MSFN was offline (probably testing the updated board software) so keep trying.


Thanks for the links Greenknight and Guitar Mike. The bluebirds thing was something I encountered on a pc at work. If it is associated with adware, I guess I should eliminate it.


Have now tried the boot disc to no avail. Repair does not work; I end up back at the Windows countdown screen. If I select Setup Windows XP, it wants me to delete the old OS. Not sure at all what to do here.


A repair install is not what you need; you need to reformat - that means completely removing the old installation of your OS. Nothing will be recoverable. If you're not familiar with the process, see instructions here and here.

Make sure you have any drivers that came with the computer or peripherals at hand, you'll need to reinstall those.


What if I need to recover data? I have a lot of recent family pictures that were not yet backed up. Not to mention a lot of music, work related material etc. Please tell me there is some way to recover?


Sure there is - you need some sort of rescue disc. UBCD is one I mentioned earlier, but all its utilities are DOS based. Have you ever worked in DOS? If not, I'd forget about that one. UBCD4Win, which I also mentioned before, is only for XP x86. Should have never brought it up, forgot you have XP Pro x64. Oops.

Just to copy files you don't need a lot of tools anyway, just an OS you can boot up and access your files with. Try Puppy Linux; it's small and easy to use, and they have good instructions there for how to create a bootable CD.

Just boot up to the Puppy CD, then plug in a USB stick and copy the files onto that. Puppy includes software that allows you to write to the CD, so I suppose you could just save them in Puppy, but I think you'd be better off putting them somewhere else. I don't think the fact that your system is x64 presents a problem; I'm sure someone will correct me if I'm wrong.

With that Linux CD on hand, you'll have a backup OS you can boot up any time you have a problem that stops Windows from working. Very handy thing to have.

Another alternative would be Avira Antivir Rescue System. That has Avira Antivir antivirus on a bootable Linux disc. No confusing assortment of files to hunt through there, just a link to the latest version.

I don't think Avira will remove the malware you've got, unfortunately. You can copy your files with it, though.

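The copy step described in the post above, written out as a script to run from the Linux rescue CD. This is an added example and not part of the original post or of Puppy Linux. The device names (/dev/sda1, /dev/sdb1), the profile path (Documents and Settings/roland) and the list of file types it refuses to copy are assumptions for illustration; the point it adds is to mount the infected disk read-only and noexec, leave anything runnable behind, and check every copied file before trusting the backup.

```shell
#!/bin/sh
# Added example (not from the forum post): pull a user's files off an unbootable
# Windows XP disk from a Linux rescue CD such as Puppy, then verify the copy.
set -eu

# Mount the XP partition read-only and noexec so nothing on the infected disk can
# run or be changed, and mount the USB stick read-write.  /dev/sda1 and /dev/sdb1
# are assumed names; check yours with:  fdisk -l   or   blkid
#   mkdir -p /mnt/xp /mnt/usb
#   mount -t ntfs-3g -o ro,noexec,nodev /dev/sda1 /mnt/xp
#   mount /dev/sdb1 /mnt/usb
#   rescue_copy "/mnt/xp/Documents and Settings/roland" "/mnt/usb/roland-backup"

# rescue_copy SRC_DIR DST_DIR
# Copies every regular file under SRC_DIR into DST_DIR with the same relative
# path, except program-type files: we want documents, pictures, music and
# settings back, and anything runnable stays on the disk that is about to be
# wiped.  Each copied file is compared byte-for-byte with the original and
# listed in DST_DIR/MANIFEST.sha256, so the backup can be re-checked later with
#   (cd DST_DIR && sha256sum -c MANIFEST.sha256)
# Prints one summary line on stdout:  copied=N skipped=M
rescue_copy() {
    rc_src=$1
    rc_dst=$2
    mkdir -p "$rc_dst"
    : > "$rc_dst/MANIFEST.sha256"
    # The brace group keeps the counters in the same shell as the loop.
    find "$rc_src" -type f | {
        copied=0
        skipped=0
        while IFS= read -r f; do
            rel=${f#"$rc_src"/}
            # Lower-cased extension of the file name ("" when there is no dot).
            ext=$(printf '%s' "${rel##*/}" | sed -n 's/.*\.\([^.]*\)$/\1/p' | tr 'A-Z' 'a-z')
            case "$ext" in
                exe|dll|sys|scr|com|pif|bat|cmd|vbs|js|lnk|msi)
                    printf 'skip  %s\n' "$rel" >&2
                    skipped=$((skipped + 1))
                    continue ;;
            esac
            mkdir -p "$rc_dst/$(dirname "$rel")"
            cp -p "$f" "$rc_dst/$rel"
            # Verify before trusting the copy: a flaky USB stick or a bad sector
            # on the dying disk should show up now, not after the format.
            cmp -s "$f" "$rc_dst/$rel" || {
                printf 'VERIFY FAILED: %s\n' "$rel" >&2
                exit 1
            }
            (cd "$rc_dst" && sha256sum "$rel" >> MANIFEST.sha256)
            copied=$((copied + 1))
        done
        printf 'copied=%d skipped=%d\n' "$copied" "$skipped"
    }
}
```

Run it once per user profile you care about, and keep the MANIFEST.sha256 with the backup; after the reformat, re-running `sha256sum -c` on the stick tells you the files survived the trip before you delete anything.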

Hi guys,

Saved my stuff, formatted, and I believe the rootkit is gone. I had to dl & install a driver for video and am wondering if I have to do the same for sound. Do I do the same thing and figure out what my sound card is and dl the driver?


I had to dl & install driver for video...Do I do the same thing and figure out what my sound card is and dl driver?

You should have the latest drivers for ALL your hardware - mobo chipset, monitor, sound, video, kb, mouse, printer - you get the picture.

I have created a bookmark folder "Hardware Updates", with links to all my hardware updates (drivers/software). I also take a screenshot of the changelogs and any other relevant information, and zip up the package -> Turtle.Beach.Santa.Cruz.v1.23.Feb.2010.zip (really .rar) - JMO :jump:

You could burn to RW media but with thumb drives so cheap and the fact I get tired of burning disks, moving to a thumb drive is pretty easy.


First thing - have you reinstalled all the Windows updates? Because, if not, you're running a very insecure OS. You need to go to Windows Update and get all the updates that have been released since your installation disc was new. This takes quite a while.

As for the easy way out - There are a few programs out there that will scan your computer and find updates for your drivers. They all seem to cost about 30 bucks, and I don't know how far I'd trust any of them.

There are also free, reputable utilities that will tell you what you've got so you can search for updates. Belarc Advisor shows all the hardware and software installed on your machine, and the Windows updates that are installed - as well as which security updates are not installed - and displays the info in your browser. It doesn't show the drivers, though. It works on 32 or 64 bit systems. A very useful program to have in any case.

DriverView shows your drivers, and lots of information about them. There is a 64 bit version.

Between those two apps, you should be able to find the drivers you need to update. As for the pay programs - I've never used any of them, and don't want to recommend one.


Well DriverView is a good program (as are most of Nir Sofer's utilities, some of which I use on a daily basis), but it will only tell you what you already have, rather than what you need.

Finding out your hardware (with Belarc or whatever) is a good first step, because the drivers you need are determined by what hardware you have.

If you have a Dell you used to be able to type the tag number into a page on their website and go from there. Haven't done that for some time so not sure if you can still do that. In fact, any big computer manufacturer (those who have recovery disks or more likely recovery partitions) will always have all the drivers you need, which will be installed as part of the "recover to factory condition" process. They just will not be the latest versions.

The most difficult is small companies: on the plus side you get a genuine original Microsoft OEM disk for Windows. On the negative side you usually don't get anything else and there is no easy way out at all. You have to start with Device Manager and Belarc and work from there.

If you look in Device Manager, do you have any big yellow question marks? That means that Windows has no driver at all for that hardware item and may not even have any idea what all the hardware is.



Thanks again for all the great info. You guys have been generous and invaluable. I am familiar with Belarc. Will dl it and use forthwith. Got my audio going with Realtek AC97. Don't think that will mess anything up. I have updated Windows and yes, it did take a really long time. I downloaded everything until it told me all I could get were optionals, and I scooped a few of those.

On a side note, what do you think of Glary Utilities?

Also Secunia Software Inspector?
