4 Replies Latest reply: Dec 7, 2010 4:46 AM by Peacekeeper

    TDSS.d!mem trojan removed???



      First of all, a disclaimer: I apologize for my poor attempt to explain my problem in ordinary words, as I am far from being knowledgeable on computers!


      When I ran my routine virus scan (Full Scan) on the morning of Sunday (December 5th), my McAfee Internet Security software detected the trojan TDSS.d!mem (discovered Dec 4th, 2010) from my computer's location that read SUSP_IRP_MJ_CREATE.  I was immediately in my panic mode since my McAfee software, at the end of the scan, gave the status to the trojan as "unable to delete" (or something like that, since I couldn't really remember the exact words).  I then installed and ran the McAfee Virtual Technician, where it was able to fix a problem in the registry (I think it was where the problem was found) of the VirusScan component of the Internet Security.  After that, I've also updated the virus definitions (I think experts refer to as DAT; it was 6188 as of Dec 5th) and proceeded with another Full Scan, but this time the scan came up CLEAN!!!   I also did a full scan for spyware using Webroot SpySweeper (with the updated definition as of Dec 5th) after my second McAfee Full Scan, but came up clean as well.  Afterwards, I restarted the computer, and did the full scans with both softwares (McAfee and Webroot), but they both came up clean again!


      On Monday (Dec 6th), I updated my definitions for McAfee to DAT 6189, ran a Full Scan, and came up clean again!  I then installed the McAfee Labs Stinger (Version; built on Dec 2nd 2010) with Virus data file V1000.0000 (created on Dec 2nd, 2010) and scanned the computer, which came up clean.  There was no surprise in this one, because the Stinger version was from Dec 2nd, and the trojan wasn't discovered until Dec 4th.


      Therefore, I am wondering if the TDSS.d!mem trojan has been really gone from my computer after the fix done by the Virtual Technician?  As I am no computer expert, I have been really worried about this, because this is the only computer I have.





        • 1. Re: TDSS.d!mem trojan removed???

          Sorry, I've missed a detail in my story.  There was also 1 rootkit detected according to the Security Report of the McAfee Internet Security but the name of the rootkit was not displayed alongside the trojan.  This happened on the same scan where the trojan was found. But, as I have mentioned, subsequent update of definitions and full scans came up clean after I used Virtual Technician, which fixed one problem with the VirusScan registry.



          One more question in addition to the one I've posted above:  Since I use Windows XP, would "System Restore" be a valid option in getting rid of the problem (assuming the trojan has still not been gotten rid of)?



          Thanks again for any help!






          Message was edited by: EinmikroFreund on 12/7/10 4:11:57 AM CST
          • 2. Re: TDSS.d!mem trojan removed???

            Open security center and click on navigation. Go to quarantined items and check in the thre area there. Is the file there?  Delete it if the file is not a windows file.


            As you said only found 4 December. See if it is in quarantine area.

            • 3. Re: TDSS.d!mem trojan removed???

              No, I could not find it.  Now I'm just a bit more worried, but thanks for the help!


              Hm... How could that trojan NOT be detected in the subsequent scans except the first one??

              • 4. Re: TDSS.d!mem trojan removed???

                Restore could be a help but not really up on rootkits.


                Better let someone who knows more answer. While waiting, try the following:




                Malwarebytes Anti-Malware

                Download the free version here:



                When you download them rename setup and default folders. This is a safe idea to stop malware recognising them. Also good to rename the exe file for both programs.  Update them and run them asap.