This nasty keeps reappearing on my computer… “TrojWare.Win32.Rootkit.TDSS.cig@2554649” in my “System 32” folder under the name “TDSSotqt.dll”. Comodo first detected it two weeks ago, so I deleted the file. I ran another scan right after and my computer came out clean. I normally do a full scan once a week, so the following Monday it was flagged again. So I deleted it again. I regularly delete my System Restore points, the Registry is free from anything resembling this name, so I don’t know why it keeps coming back. Then this morning, I scanned and lo and behold, it came back again!! So I deleted and ran another scan, and Comodo says that I’m clean. But I know that when I run a scan in a couple more days, it’ll somehow mysteriously come back.
I did some searching on the web for similar incidents, but half the forums out there are crooked and junk anyways. Does anyone know what this “Trojware.Win32” nasty is? Why it keeps reappearing? And how I can permanently delete the bug?
We could look at a HijackThis log to maybe see what else is going on:
- Click here to download HJTsetup.exe and download the installer.
- Save HJTsetup.exe to your desktop.
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Click on the Do a system scan and save a log file button. It will scan and then the log will open in notepad.
- Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:42 AM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
I don’t see any current problems in the log unless something is hiding from HijackThis. You could try renaming HijackThis.exe to, say, HijackNew.exe and run it again to see if there are any changes.
Otherwise if you have no problems with your computer, if it comes back again, try uploading the file to Virustotal:
This morning Comodo alerted me to a bug on my system that wasn’t present before. I’ve attached a screen shot of the dialogue box. You said to upload the suspicious file to VirusTotal, but here’s the thing, these files in question, they won’t upload, won’t delete, and won’t allow themselves to be moved or renamed, so I’m stuck.
Any more ideas?
P.S. - I haven’t even been on my computer and only logged onto the net to check this forum as I’ve been busy at work. How is it that this bug keeps popping out of nowhere?!?!
Hi paradiseyes, There seem to be signs of a malware program called Antivirus 2009, so you could try running Malwarebytes to see if it can delete your bad files. You could follow the instructions here:
If it doesn’t find anything, I think you need to post on a specialist help forum where they will guide you better than I can.
I installed and ran Malwarebytes and found 8 infected registry keys. One of the keys was infected by the TrojWare.Win32.Rootkit (which is the nasty who kept coming back, now I know why), and the others were of the problems I just had this morning.
So it’s all fixed now. No more nasty bugs, and thanks to your advice, I won’t have to worry about them coming back again!!