35 Replies Latest reply: Nov 13, 2011 4:20 PM by flyingninja
      • 20. Re: TDSS.e!RootKit

        Thanks Neha

        I have acted on your suggestion to update my McAfee VirusScan Plus on the HP computer.  Connection to the internet went smoothly and the McAfee update is installed and running a full scan.


        I found a simple solution to my Windows Update problem on the Tech Republic forum.   When the virus made all my files hidden, it broke a link in the chain to updates.  I searched for C:\Windows\SoftwareDistribution and changed the attribute of the folder and its files - unchecking Hidden.   I connected to updates just fine after that.  No more 0x800A0046 error, and I was able to install the latest updates.  I hope this gets through to Microsoft.  They don't seem to be aware of such a fix.


        I haven't found the getsusp tool yet.
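The attribute change described in the post above, as an added example that is not part of the thread: a PowerShell function (function and switch names are this example's own assumptions; run it from an elevated prompt) that clears the Hidden attribute from a folder and everything under it, dry-run first with -WhatIf. By default it leaves items that also carry the System attribute alone, because legitimate Windows files such as desktop.ini are Hidden+System; the path is the one the poster names.

```powershell
# Added example, not code from the thread. Clears the Hidden attribute that
# the poster describes unchecking on C:\Windows\SoftwareDistribution.
# Assumptions: elevated PowerShell prompt; -IncludeSystem is this example's switch.
function Clear-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Items that are Hidden AND System are skipped unless this is set;
        # legitimate Windows files (desktop.ini, pagefile.sys) carry both flags.
        [switch]$IncludeSystem
    )

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force is required on both cmdlets, otherwise hidden items are not returned.
    $root  = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $items = @($root) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    $changed = 0
    foreach ($item in $items) {
        if (-not $item.Attributes.HasFlag($hidden)) { continue }
        if ($item.Attributes.HasFlag($system) -and -not $IncludeSystem) {
            Write-Verbose "Skipping Hidden+System item: $($item.FullName)"
            continue
        }
        # ShouldProcess returns $false under -WhatIf, so the dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            # -bxor flips only the Hidden bit; Archive, ReadOnly etc. are preserved.
            $item.Attributes = $item.Attributes -bxor $hidden
            $changed++
        }
    }
    return $changed   # number of items actually modified
}

# Dry run first: lists every item that would be un-hidden.
Clear-HiddenAttribute -Path 'C:\Windows\SoftwareDistribution' -WhatIf
# Then apply for real, with -Verbose to see which Hidden+System items were skipped:
# Clear-HiddenAttribute -Path 'C:\Windows\SoftwareDistribution' -Verbose
```

Run the -WhatIf pass and read the list before applying: if a machine-wide "everything is hidden" infection is suspected, the same function can be pointed at the user profile, but un-hiding System-flagged items should stay opt-in so the fix does not expose files Windows hides on purpose.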





        • 21. Re: TDSS.e!RootKit

          Hi Joe,


          I could not attach the file; please install it from the link below - Getsusp Tool



          Once you start scanning, you will find the files being captured and marked in red, if any. Send those files for analysis to virus_research@avertlabs.com and provide me with the analysis ID you receive.


          Feel free to contact us further



          Neha C

          McAfee SME

          • 22. Re: TDSS.e!RootKit

            Hi everyone,


            Sorry it's taken me so long to get back with an update. I'd not had time to look at this in the last ten days or so but gave it another try this morning.  I decided to download the latest version of TDSSKiller - and it ran first time.  Clearly this has been updated since I first tried it about two weeks ago because the virus was stopping it from running previously.  I did a full scan, it detected the rogue file and deleted it.  I rebooted and ran a McAfee scan and no problems were detected.  I had actually just looked out my system restore disk, had backed up all of my files and was just about to wipe everything and start again when I gave this one last try - very glad I did.  I'm still slightly nervous that there is something lurking in the background but everything I've run from TDSSKiller, Stinger, Malwarebytes and McAfee has come up clean.  I'll be quite vigilant for the time being but (touch wood!) everything seems a-okay!


            Thanks for all the help and advice.






            • 23. Re: TDSS.e!RootKit



              I have scanned the HP computer with the latest version of McAfee antivirus on 6/16 and found no malware.  I also did an updated Malwarebytes scan which reported clean.


              I have not gotten the getsusp tool as yet but have read the documentation and FAQs at the #197964 message you mention.   Does the software report back automatically when online?  If so, is there a need for a separate zipped e-mail of threats?   Should I run it online or offline?


              As I look at the #197964 message, is the link to the latest getsusp software in the first updated post or further down?


              I've been involved with computers a long time, but I like the latest more complicated versions to run more like an appliance.


              Thanks again



              • 24. Re: TDSS.e!RootKit

                Found Getsusp download at another thread using the Getsusp button on Top threats.

                • 25. Re: TDSS.e!RootKit

                  Hi Joe,


                  That's the correct one

                  "Found Getsusp download at another thread using the Getsusp button on Top threats."


                  If you are finding your system clean then it is not required; keep it for the future. It's a helpful tool for capturing suspicious files.


                  Please keep your McAfee up-to-date.

                  Scan Engine version: 5400

                  DAT version (on 18th July): 6411




                  • 26. Re: TDSS.e!RootKit



                    Thanks for the confirmation.  I ran that version of GetSusp on my HP and got a report of three suspicious files, not in the root.  The files were put out by NVidia as part of my video card software and were created and last modified on 9/27/2009.   They don't look suspicious to me, as the date is way off the time of the exploit.  The automatic zip and send worked but apparently the bundle was too big so I got no verdict on the files.  If you think I need to do it, I'll package them individually.  Personally I think the real suspect files have already been quarantined.  Since GetSusp is only looking at active files, would it see them?


                    The GetSusp seemed to work OK, although it needs to figure out if the zip packages are too big before it sends them.


                    Thanks again



                    • 27. Re: TDSS.e!RootKit

                      Hi Joe,


                      Not required as of now; you can use this tool later any time you find any suspicious activity happening, and inform us.




                      McAfee SME

                      • 28. Re: TDSS.e!RootKit

                        Hello,  Is anyone out there still having this issue?  My PC seems to have been hit with this, and after following all the steps in this post, I can't shake it.  McAfee finds it during a full scan, says it removes it, and then finds it again after I reboot my computer and immediately run a scan.  GMER did not detect any changes, and GetSusp found 1 suspicious file.  TDSSKiller won't run.  Help!

                        • 29. Re: TDSS.e!RootKit

                          Did you use the latest GetSusp? From the link in

                          McAfee Communities: Anti-Spyware, Malware & Hijacker Tools


                          Try the Fake Alert Stinger (not that good for rootkits) as well as Malwarebytes.

                          For Stinger I recommend, in the preferences, increasing the sensitivity level to "Very High", checking "Boot Sectors" and also selecting "Super Scan". Super Scan enables heuristics, and "Very High" is an aggressive level that finds suspicious/unknown files by doing a DNS query to our Global Threat Intelligence library.

                          Some hints


                          Hopefully a lab tech will see this