Need advice about removing virus (not this PC)



Craig D Peltier
07-15-2009, 1:01 PM
Hi, my laptop caught a virus. Wild thing to me is I wasn't even on the computer the day I got it. No one was.
Anyhow, it's called BKDR_TDSS.AZE

My Norton didn't catch it but the computer was infected. One it did find, I think, was something like a fake Microsoft-named Antivirus trojan. With all the bad I had heard about Norton, I decided to delete it and load Trend Micro on it.
Trend found the BKDR one but not the fake MSFT Antivirus trojan. What I found on the internet is it's a nasty one and hard to get rid of.

Has anyone here had this and got rid of it?

I tried to look for the file, per Trend Micro's advice, and found nothing, even where Trend Micro said it was. Then I tried it in safe mode and searched for the file name (which wasn't the BKDR as titled). I searched for it by just the first few letters, then the whole thing, then I tried to search it as BKDR_TDSS.AZE and nothing, then tried BKDR, nothing, then tried .AZE, nothing. I looked in the registry but wasn't exactly sure where to look; I searched it and found nothing.

My Trend Micro says it's in c:\windows\system32 and c:\windows\temp


At this point I'm ready to uninstall Windows and start fresh again, which isn't so bad on the laptop as far as programs lost. What I'm not sure of is how to do this. And if my laptop has a partitioned drive, will that reload it for me?

Any help appreciated. I probably spent 10 hours on it already and got nowhere. I think this virus, even if quarantined, can recreate itself. Also Trend Micro says to go into my quarantined files but the box is grey and it won't allow me in even though there are 11 files in it.

THANKS:)

Dan Ewalt
07-15-2009, 1:23 PM
Craig,

What laptop do you have? Most do have a separate partition that you can either use to restore or burn it to a CD/DVD and then restore from there. If you post the make and model I can do a quick search and should be able to give you the info on the restore.

Having said that, I think this is your best bet for this particular virus. I'm quite sure you could eradicate it another way but it may take you 10 more hours and it may never happen. Wiping the HDD clean and starting fresh is your best bet. Hopefully your machine will allow you to burn the restore to CD/DVD and you can then completely wipe the HDD, including the boot sector.

Dan

Jim Rimmer
07-15-2009, 1:38 PM
Can't help you with this, but when you get it fixed, get CA Security software. It's about $50 and provides firewall, antivirus, adware, and all kinds of protection. I've had it for over 2 years and no problems. License is renewable online after the first year for a small fee.

Great program.

I am not affiliated with CA software and receive no remuneration from them.

Chuck Wintle
07-15-2009, 2:24 PM
Download Spybot and AVG and run those programs. You can boot into safe mode when you run them. The virus should get removed with these programs.

Darius Ferlas
07-15-2009, 2:30 PM
Realistically, it could take a few times longer to remove the virus than to reinstall the o/s. Unless it's one of the easy ones. And even then, with a trojan you'll never be sure if something is not being fed into your pc while you're removing what you know about. So I don't even bother and within seconds of any possible infection I reinstall everything. Obviously data has to be backed up on a regular basis and it's good to have a clean image of your drive handy.

Robert Eiffert
07-15-2009, 2:52 PM
+ 1 AVG or Avast. Spybot or Ad-aware

I'd also review the time period just as you became aware of the virus and figure out how you caught it. You could block the URL in your router or notify whoever sent the email with it, etc.
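
An added example, not posted by anyone in this thread, that does with a script what Craig tried by hand (searching system32 and temp for the file the scanner named) and what Robert suggests here (reviewing the time period around the infection). Searching by file name fails when the name is random or the file is hidden from Explorer, so instead the script walks the directories the scanner reported, keeps every file whose modification time falls inside a window around when the problem was noticed, and records a SHA-256 for each so the list can be compared against a vendor write-up or submitted to the AV company. The directory names, file names and timestamps in `build_demo_tree` are constructed for the demo; on a real machine you would point `files_modified_between` at C:\Windows\System32 and C:\Windows\Temp and ideally run it from safe mode or a clean boot medium so a running infection cannot hide files from the walk.

```python
import hashlib
import os
import tempfile
import time
from datetime import datetime, timedelta


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large system files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def files_modified_between(roots, start, end):
    """Walk each root and return (path, mtime, sha256) for every regular file
    whose modification time falls inside [start, end], oldest first.

    Files that cannot be stat'ed or opened (locked by a running process,
    removed mid-walk) are reported separately instead of aborting the scan,
    because on an infected machine those are often the files of interest.
    """
    hits, unreadable = [], []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    unreadable.append(path)
                    continue
                mtime = datetime.fromtimestamp(st.st_mtime)
                if start <= mtime <= end:
                    try:
                        hits.append((path, mtime, sha256_of(path)))
                    except OSError:
                        unreadable.append(path)
    hits.sort(key=lambda hit: hit[1])
    return hits, unreadable


def build_demo_tree():
    """Construct a throwaway directory tree standing in for system32 and temp.
    Every file name, content and timestamp below is made up for the demo."""
    base = tempfile.mkdtemp(prefix="triage_demo_")
    sys32 = os.path.join(base, "system32")
    temp = os.path.join(base, "temp")
    os.makedirs(sys32)
    os.makedirs(temp)
    now = time.time()
    samples = {
        os.path.join(sys32, "kernel32.dll"): ("old system file", now - 400 * 86400),
        os.path.join(sys32, "drivers", "xyz123.sys"): ("dropped yesterday", now - 1 * 86400),
        os.path.join(temp, "~tmp4f.tmp"): ("dropped two days ago", now - 2 * 86400),
        os.path.join(temp, "readme.txt"): ("written today", now - 3600),
    }
    for path, (content, mtime) in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
        os.utime(path, (mtime, mtime))  # backdate so the window filter has work to do
    return base, [sys32, temp]


def triage_demo(days_back=3):
    """Scan the demo tree for files changed in the last `days_back` days and
    return the base directory plus the triage results for inspection."""
    base, roots = build_demo_tree()
    end = datetime.now() + timedelta(minutes=1)   # small slack for clock granularity
    start = end - timedelta(days=days_back)
    hits, unreadable = files_modified_between(roots, start, end)
    return base, hits, unreadable


if __name__ == "__main__":
    base, hits, unreadable = triage_demo()
    print(f"scanned under {base}")
    for path, mtime, digest in hits:
        print(f"{mtime:%Y-%m-%d %H:%M}  {digest[:16]}...  {os.path.relpath(path, base)}")
    if unreadable:
        print("could not read:", *unreadable, sep="\n  ")
```

The window is the important design choice: a 400-day-old kernel32.dll is noise, while a driver that appeared yesterday in a directory that should rarely change is exactly what a responder wants to see first, which is why the results are sorted by time rather than by name. Files the walk cannot open are listed rather than silently skipped, since a file that a scanner reports but the filesystem will not let you read is itself a signal.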

Scott Shepherd
07-15-2009, 3:09 PM
A good computer tech guy can get it cleaned up for about $100. Probably worth the money to have a professional remove it and not spend countless hours trying to fix it.

Cliff Rohrabacher
07-15-2009, 3:32 PM
Here's a solution from Trend.
This must be a new Trojan; there's very little about it anywhere.
Might it be North Korean?

Trend Micro has a release on it: WORM_WALEDAC.DU
here: http://matcha139.hiemalis.org/~isamik/ptn/6.245.00.txt
that string you have: BKDR_TDSS.AZE is down in the middle of the page

Here is their Solution
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WALEDAC.DU



And for sure I'd recommend you get something like RKTF (Registry Keys Trash Finder) that will find and let you delete malware registry keys and useless registry key entries. It's a lousy $20 and lets you do things that not one of the anti-virus or anti-spy programs will allow, because they use such registry keys (like Armadillo) to manipulate your system and software and won't let you manipulate them.

Craig D Peltier
07-15-2009, 4:22 PM
Dell Inspiron 1501
Thanks


Craig,

What laptop do you have? Most do have a separate partition that you can either use to restore or burn it to a CD/DVD and then restore from there. If you post the make and model I can do a quick search and should be able to give you the info on the restore.

Having said that, I think this is your best bet for this particular virus. I'm quite sure you could eradicate it another way but it may take you 10 more hours and it may never happen. Wiping the HDD clean and starting fresh is your best bet. Hopefully your machine will allow you to burn the restore to CD/DVD and you can then completely wipe the HDD, including the boot sector.

Dan

Dan Ewalt
07-15-2009, 9:47 PM
Replied to PM but wanted to make sure you got it Craig.

That machine does have a Symantec restore partition. Unless you wiped the whole HDD at some point it will restore your machine to "day 1" for you.

You can follow the instructions in the link below from Dell and you should be all set.

http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?journalid=6EBB31945156F559E040AE0AB8E16CF8&docid=336966

Hope it helps.

Just a side note, I have been running ClamWin (free) anti virus and use Firefox exclusively for browsing with Ad Block Plus installed. I have not had any virus or spyware on any of my machines for 5+ years with that setup.

Steven Ley
07-15-2009, 11:53 PM
The first and easiest thing to do is to perform a system restore. If you go into the Start menu and click on Accessories and then System Tools, you will find it there; if not, use the Help function in the Start menu to locate it. Pick a date that you are sure the virus was not on your computer and restore to that point.

In my personal experience, Ad-aware, Spybot, etc. programs do little more than pull up a bunch of temp files and hkey files. They are not very good at dealing with a well-programmed virus. The same goes for pricey anti-virus software, which I feel is overrated, even though I'm sure many will disagree with me.

I would try the restore before purchasing anything... good luck.

paul cottingham
07-16-2009, 1:28 AM
The problem is that the restore partition is likely infected as well. Before scanning, BE SURE to turn off System Restore, or you will be scanning again and again.

For just scanning the machine for viruses, try a simple but effective scanner like ClamWin. There are ways to run it from a USB key after booting into safe mode. Try PortableApps: http://portableapps.com/

Eric Larsen
07-16-2009, 8:24 PM
Has anyone here had this and got rid of it?


Superantispyware (superantispyware.com) and Malwarebytes (malwarebytes.org) will both get rid of this trojan. You'll likely need to download the install files on a "clean" computer and move them to a CD or thumb drive. Newer trojans block access to these websites.

Once you boot, bring up task manager with CTRL-ALT-DEL and force-quit the trojan, then install (I'd start with Malwarebytes). If that doesn't work, try Superantispyware -- it has an alternate load option after it installs (in the program menu). That might work.

Last case scenario? Back up your important data to an external drive, then reformat and reinstall.

Dave Johnson29
07-17-2009, 1:43 PM
And for sure I'd recommend you get something like RKTF (Registry Keys Trash Finder) that will find and let you delete malware registry keys and useless registry key entries.


Cliff,

As a programmer of some 30+ years, I would be cautious about recommending anything that claimed to "clean up" the registry.

A LOT of software uses the Registry for keys etc., but the key may not point back to the originating program. Those keys could be deleted and there is no telling what effect that might have on the originating program.

Rule one for Windows, unless you REALLY know what you are doing, do not mess with the Registry.

Cliff Rohrabacher
07-17-2009, 2:06 PM
I would be cautious about recommending anything that claimed to "clean up" the registry.

So would I.
Are you suggesting otherwise?


A LOT of software uses the Registry for keys etc., but the key may not point back to the originating program. Those keys could be deleted and there is no telling what effect that might have on the originating program.

It would appear you have not used RKTF.
I have. It is powerful good medicine.


Rule one for Windows, unless you REALLY know what you are doing, do not mess with the Registry.
Poppycock.
I started mucking about in my registry a long time ago (before I even knew about backing a registry up) and have managed to not do any harm ever. Not even as a noob.
I think you are overstating things by a rather wide margin.

paul cottingham
07-17-2009, 2:10 PM
I spent 8 years as a technical trainer working with several Microsoft certified trainers who ALSO worked in the real world. To a person, they wouldn't touch the registry without the appropriate TechNet article in hand, because it is way too easy to destroy a computer's OS with a small slip in the registry.

In our company, that is our rule, and it has never failed us.

Craig D Peltier
07-18-2009, 8:42 PM
Download Spybot and AVG and run those programs. You can boot into safe mode when you run them. The virus should get removed with these programs.

Tried Spybot, no luck.

Dick Strauss
07-19-2009, 6:58 PM
Craig,
My favorite AV program is Avast (and it's free!). It is routinely rated among the best of the AV programs at detecting and removing malware. Try to install it and see if it solves your issue. I've been running this program for several years with no issues on both XP and Vista machines. They also have versions available for Linux if needed. The program gets new definition file updates daily to make sure you have the latest and greatest protection.

FYI-I have no connection to Alwil/Avast....just a very happy user!

The version you download is good for 60 days with full functionality. They ask you to register with info of your choosing and will send you an activation key via any email address. After the activation key is updated, the program is good for better than a year until you request a new free key code.

http://www.avast.com/eng/download-avast-home.html

David Freed
07-19-2009, 8:08 PM
Superantispyware (superantispyware.com) and Malwarebytes (malwarebytes.org) will both get rid of this trojan.


Malwarebytes has cleaned up a couple of viruses that my computer managed to catch. I keep it and AVG both on all my computers.

Craig D Peltier
07-20-2009, 12:19 PM
Superantispyware (superantispyware.com) and Malwarebytes (malwarebytes.org) will both get rid of this trojan. You'll likely need to download the install files on a "clean" computer and move them to a CD or thumb drive. Newer trojans block access to these websites.

Once you boot, bring up task manager with CTRL-ALT-DEL and force-quit the trojan, then install (I'd start with Malwarebytes). If that doesn't work, try Superantispyware -- it has an alternate load option after it installs (in the program menu). That might work.

Last case scenario? Back up your important data to an external drive, then reformat and reinstall.

Hi Eric, after uninstalling Norton, installing Trend Micro, and downloading Spybot Search and Destroy, nothing seemed to work. I then downloaded Superantispyware and (knock on wood) it seemed to work. I'm not getting annoying popups or getting sent to wrong search engine pages.
So thanks for that software. I may still download Malwarebytes. I plan on keeping this stuff disabled until I want to run scans so it doesn't eat up my CPU usage (i.e. slow down).

Thanks

Eric Larsen
07-20-2009, 8:41 PM
Hi Eric, after uninstalling Norton, installing Trend Micro, and downloading Spybot Search and Destroy, nothing seemed to work. I then downloaded Superantispyware and (knock on wood) it seemed to work. I'm not getting annoying popups or getting sent to wrong search engine pages.
So thanks for that software. I may still download Malwarebytes. I plan on keeping this stuff disabled until I want to run scans so it doesn't eat up my CPU usage (i.e. slow down).

Thanks


I'm in the (ultra) minority, but I think anti-virus software -- Norton, McAfee, Kaspersky -- is worse than useless. It slows you down 100% of the time, but you get infected anyway.

I haven't used it in more than a decade -- never a problem. Yes, I pick up the occasional piece of malware, but SAS and MalwareBytes take care of that for me. Having a good backup regimen (and sticking to it) is the best defense, IMHO.

Jeffrey Makiel
07-21-2009, 8:10 AM
I used a registry cleaner software (I think it was called RegClean) and it wreaked havoc on my computer, such that I ended up wiping the drive and performing a full reinstallation. But that was years ago.

I just got an email from my anti-virus software company (BitDefender) introducing a new registry cleaner that is sworn to be safe. I'm considering it. I'm finding that my computers are getting slower again, and doing a reinstall is tiresome and often troublesome.

I wonder if Vista will solve some of these problems. So far, it seems to have too many confirmation dialog boxes popping up all the time. But, I wonder if Vista will reduce hysteresis.

-Jeff :)