"Win32.TDSS.rtk" trojan

problem-
PC would lock up, shut down on its own, navigate slow, present various errors upon shut down, open multiple IE-screens when IE clicked.

Spybot would not update, would not finish scan no matter which account used. 

PC was always busy making noise like it was doing something.  Task manager shows only 28 processes and 98% showing up on Idle.


troubleshooting-
found files to manually delete by checking spybot home page. Could not find the registry files spybot called out. Spybot warned that the files may be hidden using some sort of root something or another technology.

could not find any files in my hd containing any text within the registry files spybot called out using a global search with "show all hidden folders and files"

Solution-
reinstalled spybot
started pc in safemode (f5)
ran spybot in safemode
trojan found and fixed.

ran spybot in normal mode, took in an update, no problems found.


just thought I'd share this because this bugger was very hard to find.

Reply #1
Spyware/malware can be so fun :D I'm ALWAYS having to remove it from my sister's computer. Her 12 year old daughter gets all the blame for messing the thing up, but I know better. Matter of fact, the last time I set up her computer for her (a week ago) I created a limited account with no admin privileges for her daughter. Three days later the computer was infected again :hick:

The problem with spyware/malware is that once the computer has been infected it cannot be trusted again until after a full format/reinstall. You may think you've gotten rid of it, but there could still be a hidden file or rootkit somewhere logging your keystrokes, or sending out personal info, or even downloading kiddie porn or something gross like that. I keep telling my sister to not do any online banking or transactions involving money on her computer because of her propensity to get infected with spyware.

Reply #2
reason # 78 why I stopped using a pc for internet and switched to a Mac.
I got those things all the time. in fact some were straight from the windows 2000 updater

Reply #3
Firefox FTW!

Reply #4
Quote from: daminc;274919
reason # 78 why I stopped using a pc for internet and switched to a Mac.
I got those things all the time. in fact some were straight from the windows 2000 updater

Funny, I've been using PCs for almost two decades and have been affected by exactly one virus, approximately 10 years ago. Oh hell, now I feel old - it was more like 12 years ago. I've never had spyware on my own computer. I run AVG Free antivirus and no anti spyware software. I don't need anti spyware software because I don't get spyware - spyware are like vampires: You have to let them in before they can hurt you ;) (and thankfully I'm the only one who uses my computers)

Quote from: V8Demon;274920
Firefox FTW!

Yet another thing I've been trying to convince my sister. MSIE and its activex controls are just doors waiting to be opened.

Reply #5
My dad picked up a nasty virus about a month ago (the "Windows XP Security Center" one). He was using the latest Firefox, updated with all security, etc.

I don't know what he clicked on to get the virus, but there it was nonetheless. Even safe mode was disabled. Took the PC into work and had them work on it...so far so good. We upgraded it with Kaspersky AV also.

Reply #6
Is he still running XP?  I had nothing but problems with XP.  I'm one of the few that prefers Vista, especially the 64 bit on the laptop.

Reply #7
Yeah, it's XP. His PC is older and wouldn't handle Vista anyway. Honestly, for the reasons why he needs a computer, he'd probably be better off with one of my old Macs. But the fact that he knows how to switch it on, do his work, and shut it down just impresses me more than anything. :)

Reply #8
My mother in law clicks on just about ANY window that pops up.....No matter how many times we tell her....Thankfully she doesn't touch my 2 PCs...

Reply #9
Quote from: V8Demon;274963
My mother in law clicks on just about ANY window that pops up.....No matter how many times we tell her....Thankfully she doesn't touch my 2 PCs...

same problem with wife, click, click, click, yes, yes, yes, install, accept.... get out of my way I'm on the internet lol

Now I got me a nice shiny macbook and there's nothing for her to click anymore :)

She's taking a summer online class and it was PC only so I bought vmware fusion and installed windows 7 rc on the macbook so she can do this online class.. It runs both os very well I think I'm going to order 2 gigs more of ram just to be on the safe side because I'd hate to see it have problems around finals time.

Reply #10
Quote from: EricCoolCats;274960
My dad picked up a nasty virus about a month ago (the "Windows XP Security Center" one). He was using the latest Firefox, updated with all security, etc.

I don't know what he clicked on to get the virus, but there it was nonetheless. Even safe mode was disabled. Took the PC into work and had them work on it...so far so good. We upgraded it with Kaspersky AV also.

I bet I know exactly how he got the virus (it's not technically a virus, BTW, it's "ransomware" - frigging up your PC until you pay to fix it). He likely visited a website, a popup appeared saying his PC was loaded with viruses and to "click here to fix the problem". He clicked it, thinking he was fixing the problem, when in fact he was "inviting the vampire in", so to speak.

When you get a chance, install the Adblock Plus plugin for Firefox for him. It'll block 90% of web page ads, including ads that are really invitations to download malware.

Reply #11
Thanks Carm, I just installed Adblock on mine..I don't have a lot of ads popup, but the ones that do are ed annoying.

Thanks again!