Topic: Found TDL4 Aluroot but can't remove

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Found TDL4 Aluroot but can't remove
« Reply #30 on: November 17, 2011, 09:30:33 PM »
What are your current problems ?

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #31 on: November 17, 2011, 09:52:54 PM »
First of all I want to thank you for all your help so far - you've been awesome  :)

One problem I have is that my All Programs tab from the Start menu has been stripped right back to about 20 progs, where it had maybe 100 or more previously (they still all appear to be in my program files folder luckily).

But the biggest problem is the Microsoft Office Accounting 2008 package that won't load up any more because a 'critical file is missing' (I mentioned this in an earlier post). I'm self-employed and rely on that package completely. It was a download from Microsoft a few years ago. On attempting to reinstall I get a message saying that a source file is missing.

I found somewhere to download it again but am worried my existing data (invoices/records etc) might be deleted upon reinstalling. Any thoughts?


Offline essexboy

Re: Found TDL4 Aluroot but can't remove
« Reply #32 on: November 17, 2011, 09:57:28 PM »
What is the name of the file that is missing ?

Let's see if we can recover the missing elements

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
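A read-only preview of what the `:files` section in the post above would copy, as an added example that is not part of the original thread or of OTL. It assumes PowerShell 3.0 or later is available on the machine; the source folders and destinations are taken verbatim from the posted xcopy lines, and nothing is written to disk.

```powershell
# Read-only preview of the restore in the post above: nothing is copied.
# Folder numbers and destinations are copied verbatim from the posted xcopy lines.
$map = [ordered]@{
    '1' = '%AllUsersProfile%\Start Menu'
    '2' = '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch'
    '3' = '%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
    '4' = '%AllUsersProfile%\Desktop'
}
$root = Join-Path $env:TEMP 'smtmp'

$plan = foreach ($id in $map.Keys) {
    $src = Join-Path $root $id
    $dst = [Environment]::ExpandEnvironmentVariables($map[$id])
    if (-not (Test-Path -LiteralPath $src -PathType Container)) {
        Write-Warning "Missing source folder: $src"
        continue
    }
    # Use the same path form for parent and children so Substring lines up
    $srcFull = (Get-Item -LiteralPath $src -Force).FullName.TrimEnd('\')
    # -Force includes hidden and system items, matching xcopy /H; -Recurse matches /S
    Get-ChildItem -LiteralPath $src -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $rel    = $_.FullName.Substring($srcFull.Length).TrimStart('\')
            $target = Join-Path $dst $rel
            [pscustomobject]@{
                Folder     = $id
                File       = $rel
                Target     = $target
                # xcopy /Y overwrites without prompting, so flag existing targets
                Overwrites = Test-Path -LiteralPath $target
            }
        }
}

$plan | Sort-Object Folder, File | Format-Table -AutoSize
'{0} file(s) would be copied, {1} would overwrite an existing file' -f `
    @($plan).Count, @($plan | Where-Object { $_.Overwrites }).Count
```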

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #33 on: November 17, 2011, 10:12:00 PM »
Unfortunately I don't know the missing file name :(

Will run the scan anyway!

Offline essexboy

Re: Found TDL4 Aluroot but can't remove
« Reply #34 on: November 17, 2011, 10:15:52 PM »
If you could try to find out which file is missing I may be able to rustle it up

The other alternative would be to use a free office package and transfer the data across

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #35 on: November 17, 2011, 10:32:01 PM »
Nearly there, don't go away! Just a couple more minutes....

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #36 on: November 17, 2011, 10:34:25 PM »
Okay here it is - see attached

Offline essexboy

Re: Found TDL4 Aluroot but can't remove
« Reply #37 on: November 17, 2011, 10:44:52 PM »
That looks to have brought some files/folders back, how does it look to you ? 

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #38 on: November 17, 2011, 10:51:33 PM »
Still not many programs in the All programs tab but to be honest, I don't mind! Just really happy to be rid of that nasty trojan. No idea how I got it - only recent downloads were an update to BBC iplayer and Adobe Air.

Offline essexboy

Re: Found TDL4 Aluroot but can't remove
« Reply #39 on: November 17, 2011, 10:56:25 PM »
There are many and varied ways to get it, but most rely to some degree on social engineering and get attached to updates

Let me know how it is behaving tomorrow and if you are happy I will tidy up

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #40 on: November 17, 2011, 10:57:52 PM »
Will do!

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #41 on: November 18, 2011, 11:55:48 PM »
Very happy! All running well and got my accounts prog up and running again  ;D

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #42 on: November 19, 2011, 12:02:32 PM »
Quick update - just logged into my yahoo mail and at 00.04 this morning a load of spam was sent out from my account! I had a bunch of bounces which alerted me to it and when I checked my sent items it was all in there! I take it this means that the trojan has been sending my passwords out?! Just changed all passwords.....


Offline essexboy

Re: Found TDL4 Aluroot but can't remove
« Reply #43 on: November 19, 2011, 01:44:55 PM »
Yes change all the passwords, although this may not be related as a lot of spammers try to brute force passwords for webmail so that they can blame someone else for the spam

masterchef

  • Guest
Re: Found TDL4 Aluroot but can't remove
« Reply #44 on: November 19, 2011, 02:00:35 PM »
Agghhhhhhhh! Just ran a full scan with Avast (just to be sure all was okay) and it found the dreaded Aluroot rkt again! I selected delete and it's now running a boot-time scan before restarting...