Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
This discussion is locked
4328 Views 4 Replies Latest reply: Dec 7, 2010 4:46 AM by Peacekeeper RSS
EinmikroFreund Newcomer 3 posts since
Dec 7, 2010
Currently Being Moderated

Dec 7, 2010 2:56 AM

TDSS.d!mem trojan removed???

Hello!

 

First of all, a disclaimer: I apologize for my poor attempt to explain my problem in ordinary words, as I am far from being knowledgable on computers!

 

When I ran my routine virus scan (Full Scan) on the morning of Sunday (December 5th), my McAfee Internet Security software detected the trojan TDSS.d!mem (discovered Dec 4th, 2010) from my computer's location that read SUSP_IRP_MJ_CREATE .  I was immediately in my panic mode since my McAfee software, at the end of the scan, gave the status to the trojan as "unable to delete" (or something like that, since I couldn't really remember the exact words).  I then installed and ran the McAfee Virtual Technician, where it was able to fix a problem in the registry (I think it was where the problem was found) of the VirusScan component of the Internet Security.  After that, I've also updated the virus defintions (I think experts refer to as DAT; it was 6188 as of Dec 5th) and proceeded with another Full Scan, but this time the scan came up CLEAN!!!   I also did a full scan for spyware using Webroot SpySweeper (with the updated definition as of Dec 5th) after my second McAfee Full Scan, but came up clean as well.  Afterwards, I restarted the computer, and did the full scans with both softwares (McAfee and Webroot), but they both came up clean again!

 

On Monday (Dec 6th), I updated my definitions for McAfee to DAT 6189, ran a Full Scan, and came up clean again!  I then installed the McAfee Labs Stinger (Version 10.1.0.1197; built on Dec 2nd 2010) with Virus data file V1000.0000 (created on Dec 2nd, 2010) and scanned the computer, which came up clean.  There was no surprise in this one, because the Stinger version was from Dec 2nd, and the trojan wasn't discovered until Dec 4th.

 

Therefore, I am wondering if the TDSS.d!mem trojan has been really gone from my computer after the fix done by the Virtual Technician?  As I am no computer expert, I have been really worried about this, because this is the only computer I have.

 

THANK YOU VERY VERY MUCH!!!  MUCH HELP IS APPRECIATED!

 

--Paul

  • Peacekeeper Volunteer Moderator 21,332 posts since
    Nov 23, 2002
    Currently Being Moderated
    2. Dec 7, 2010 4:17 AM (in response to EinmikroFreund)
    Re: TDSS.d!mem trojan removed???

    Open security center and click on navigation.Go to quarantined items and check in the thre area there. Is the file there?  Detete it if the file is not a windows file.

     

    As you said only found 4 December. see if it is in quarantine area


    Tony
    Volunteer Moderator
    Mcafee Total Protection 7.0 beta, Windows 8 64bit
    No Unrequested PMs please
    Do you have an idea for improving McAfee products? Please share it in the new Ideas community space!  NOTE: You must register an account first.

  • Peacekeeper Volunteer Moderator 21,332 posts since
    Nov 23, 2002
    Currently Being Moderated
    4. Dec 7, 2010 4:46 AM (in response to EinmikroFreund)
    Re: TDSS.d!mem trojan removed???

    Restore could be a help but not really up on rootkits.

     

    better let someone who knows more answer. While waiting try the following

    SuperAntiSpyware

    http://www.superantispyware.com/superantispywarefreevspro.html


     

    Malwarebytes Anti-Malware

    Download the free version here:

    http://www.malwarebytes.org/mbam.php

     

    When you download them rename setup and default folders. This a safe idea to stop malware recognising them. Also good to rename the exe file for both programs.  update them and run them asap.



    Tony
    Volunteer Moderator
    Mcafee Total Protection 7.0 beta, Windows 8 64bit
    No Unrequested PMs please
    Do you have an idea for improving McAfee products? Please share it in the new Ideas community space!  NOTE: You must register an account first.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points