So, the restore ran successfully and got the internet working again. Just ran TDSSKiller and it found nothing. Any advice as to how I can make sure there's no rootkit installed?
If TDSSKiller didn't find anything that's not absolute proof that you don't have a rootkit, but it's a pretty good indicator that you're okay. McAfee's own Rootkit Remover (which you can get from HERE) checks for ZeroAccess as well as TDSS, so you could run it also as a check.
System Restore gets you out of trouble about 90% of the time, so keep your fingers crossed. You're probably okay.
Moved this to Malware Discussion > Home User Assistance as a better spot for it.
Thanks for the reply!
I ran Rootkit Remover and it found nothing as well. The only odd symptom I have noticed since my last post was two consecutive requests from TDSSKiller (file located in temp folder for some reason, with oddly long/nonsensical names in the filepath) for permission to modify the hard drive, which I denied. I had run TDSSKiller in safe mode the last time I started it up.
I know it's never possible to be 100% sure you're clean, but should I continue to worry/continue scanning? Or, should I leave it for now and look for symptoms while not doing anything that could risk my info? Or am I being overparanoid at this point?
I think you can assume you're 99% safe. Because of the 1% margin, watch for anything out of the ordinary - requests for unknown programs to connect to the internet, pop-ups, abnormally high CPU, it's difficult to be specific. And certainly, for the next week or two, run an occasional Quick Scan just to check for anything that shouldn't be there.
After a System Restore you need to re-download anything from Microsoft and McAfee that the rollback undid. Other than that, just carry on as normal.
I don't know why TDSSKiller wanted to modify the hard drive; if it didn't say what exactly it was going to do and why, you may have been right to deny it permission.
Thanks, I appreciate the advice and help! I think that will be my plan of action.
Just realized something kind of odd: looking at the Rootkit Remover log, there's no mention of initialization; it skips from scanning for updates to scanning. The "how to use rootkit remover tool" guide mentioned the initialization step, so that's why I'm asking. I pasted the log below.
Rootkit Remover v0.8.9.161 [Apr 5 2013 - 16:14:29]
Windows build 6.1.7601 x64 Service Pack 1
Checking for updates ...
Scan Result --> No trojan or viruses found!
Press any key to exit.
I don't think that's anything to worry about. The illustration in the How-To is for a slightly earlier version, and I would think the initialisation stage is mostly checking for updates anyway.
So another update: I ran a McAfee full scan and it found and removed RDN/Generic.BackDoor!mv.
Any advice about what to do next?