Unable to remove C:\Windows\System32\gaopdxewrdghbhqxomtgnihkdujkdrqpmroiva.dll

Hi,

I’m getting the same trojan [C:\Windows\System32\gaopdxewrdghbhqxomtgnihkdujkdrqpmroiva.dll] every time I scan My Computer. Remove and Quarantine do not function and the trojan reappears every time Windows boots. The Threat Name is [TrojWare.Win32.Tdss.f@16652610].

I have Win XP SP3.

Please help remove the trojan permanently from the system.

Thanks in advance.
Anon_User

Start the PC in safe mode with networking, download Malwarebytes, update it and run a full scan. Then run a scan with Comodo in safe mode. Then restart and you should be virus free. To start in safe mode, tap F8 when you restart your PC.

Hi,

I just wanted to tell you that MBAM is not specifically designed to work in safe mode and could get other results. Use it carefully!

best regards,
eXPerience

You won’t be able to remove this with malwarebytes or CIS.
This TDSS thing loads a driver that hides and protects its files, even in safe mode.
Once that driver’s loaded there isn’t much any anti-malware application can do.
(If I remember right, it won’t even allow you to install malwarebytes)

You need to run a rootkit scanner like RootkitRevealer or GMER.
These should report a hidden registry key in hklm\system\currentcontrolset\services.
That’s the service used to load the driver.

Download The Avenger (Swandog46's Public Anti-Malware Tools) and set it up to delete that service.
You’ll need to use the exact name of the service as it appears in the registry. There are easy instructions on The Avenger page on how to configure the script.

After running the avenger it will reboot and remove the driver. Then the other files will be unprotected and your anti-virus can easily remove them.
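
The hidden-service check described in the post above, as an added example that is not part of the original thread: it compares a service-key listing taken on the running system with one taken from the same SYSTEM hive loaded offline, and reports keys the running system does not show. It assumes both listings are saved text output of `reg query` (the offline one after `reg load` from a separate boot environment); the `OFFLINE` mount name and all sample data are constructed.

```python
import re

# Immediate subkey line of a ...\Services key in `reg query` text output.
_SERVICE_LINE = re.compile(r"^HKEY_LOCAL_MACHINE\\.+?\\Services\\([^\\]+)$", re.I)
_SELECT_CURRENT = re.compile(r"^\s*Current\s+REG_DWORD\s+0x([0-9a-f]+)\s*$", re.I | re.M)

def current_control_set(select_output):
    """An offline SYSTEM hive has no CurrentControlSet link; Select\\Current names the real set."""
    m = _SELECT_CURRENT.search(select_output)
    if not m:
        raise ValueError("no Current value in Select key output")
    return "ControlSet%03d" % int(m.group(1), 16)

def service_names(reg_query_output):
    """Lower-cased service key names (registry key names are case-insensitive)."""
    names = set()
    for line in reg_query_output.splitlines():
        m = _SERVICE_LINE.match(line.rstrip())
        if m:
            names.add(m.group(1).lower())
    return names

def hidden_services(live_output, offline_output):
    """Service keys stored in the hive on disk but missing from the running system's view."""
    return sorted(service_names(offline_output) - service_names(live_output))

# Constructed sample listings (not from the thread). "examplehiddensvc" is a placeholder name.
LIVE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
"""
OFFLINE_SELECT = r"""
HKEY_LOCAL_MACHINE\OFFLINE\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
"""
OFFLINE = r"""
HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\Acpi
HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\AFD
HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\Beep
HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\examplehiddensvc
    DisplayName    REG_SZ    constructed value line, ignored by the parser
"""

if __name__ == "__main__":
    print("offline control set:", current_control_set(OFFLINE_SELECT))
    print("hidden from live view:", hidden_services(LIVE, OFFLINE))
```

A key that appears only in the offline listing is a candidate for the hidden loader service, not proof; check its ImagePath and the file it points to before deleting anything.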

You will need to download a bootable antivirus and put it on a CD, like Bitdefender:

http://download.bitdefender.com/rescue_cd/BitDefenderRescueCD_v2.0.0_3_08_2009.iso

Bootable antivirus can remove anything, no questions asked. It’s good to keep the disk safe in case you need it again.