Jump to content


Photo

[resolved] How Do I Delete Rootkit Mbr Tdss.b


  • This topic is locked This topic is locked
35 replies to this topic

#1 mercol

mercol

    Newbie

  • Members
  • 3 posts

Posted 08 May 2011 - 10:03 AM

i have virus . it s name is : rootkit mbr tdss.b ( boot image) in all drive
how i delete it .
i use in windowse scan ...
then and i scan in boot with bidefnder Rescue Disk
but not delete it
how i delete it
this is massage anti viruse :



#2 mercol

mercol

    Newbie

  • Members
  • 3 posts

Posted 08 May 2011 - 01:04 PM

[quote name='mercol' date='May 8 2011, 11:03 AM' post='111127']
i have virus . it s name is : rootkit mbr tdss.b ( boot image) in all drive
how i delete it .
i use in windowse scan ...
then and i scan in boot with bidefnder Rescue Disk
but not delete it
how i delete it
this is massage anti viruse :

Attached Files

  • Attached File  45.jpg   20.63KB   6 downloads


#3 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 11 May 2011 - 07:00 PM

Hello mercol,

I have sent you an email containing a removal tool for this type of virus.
Please reply back when you can and let me know what happened.

#4 Rampant

Rampant

    Frequent Poster

  • Regular Bitdefender Poster
  • PipPipPip
  • 853 posts
  • Gender:Male
  • Location:Russia, Novosibirsk
  • Interests:IT safety

Posted 15 May 2011 - 10:29 AM

I will be grateful too, for the given utility. And why it is not a part of an antivirus?

#5 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 15 May 2011 - 11:18 AM

QUOTE (Rampant @ May 15 2011, 11:29 AM) <{POST_SNAPBACK}>
I will be grateful too, for the given utility. And why it is not a part of an antivirus?


Is your system infected with this virus?
This is a MBR infection which is not that simple to remove.
For the moment we have created a removal tool and the removal will be implemented in the product soon.

#6 Rampant

Rampant

    Frequent Poster

  • Regular Bitdefender Poster
  • PipPipPip
  • 853 posts
  • Gender:Male
  • Location:Russia, Novosibirsk
  • Interests:IT safety

Posted 15 May 2011 - 02:48 PM

QUOTE (Cristi Raducu @ May 15 2011, 04:18 PM) <{POST_SNAPBACK}>
Is your system infected with this virus?

Not quite, I have been doing tests, and would like to have similar tools, and from BitDefender.

#7 garygould

garygould

    Newbie

  • Members
  • 1 posts

Posted 15 May 2011 - 05:26 PM

QUOTE (Cristi Raducu @ May 11 2011, 08:00 PM) <{POST_SNAPBACK}>
Hello mercol,

I have sent you an email containing a removal tool for this type of virus.
Please reply back when you can and let me know what happened.


I have the same problem with rootkit.mbr.tdss.a

#8 jgurz

jgurz

    Newbie

  • Members
  • 1 posts

Posted 15 May 2011 - 07:26 PM

QUOTE (Cristi Raducu @ May 15 2011, 05:18 AM) <{POST_SNAPBACK}>
Is your system infected with this virus?
This is a MBR infection which is not that simple to remove.
For the moment we have created a removal tool and the removal will be implemented in the product soon.

I too have this wonderful virus on my system. Can you help with this.

Thanks

#9 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 16 May 2011 - 11:40 AM

I have created this topic where you find the removal tool along with instructions on how to run it:

http://forum.bitdefe...showtopic=26540

#10 mcc57

mcc57

    Newbie

  • Members
  • 1 posts

Posted 16 May 2011 - 04:25 PM

When I attempt to run this, I get a message that says "The service cannot accept control messages at this time." What do I do? Thank you.

#11 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 17 May 2011 - 10:34 AM

QUOTE (mcc57 @ May 16 2011, 05:25 PM) <{POST_SNAPBACK}>
When I attempt to run this, I get a message that says "The service cannot accept control messages at this time." What do I do? Thank you.


Please post a screenshot showing the error message along with a couple of more info:

-> the name of your operating system
->did you run the tool in normal mode or safe mode?
->do you have administrative rights on that PC?

#12 Rampant

Rampant

    Frequent Poster

  • Regular Bitdefender Poster
  • PipPipPip
  • 853 posts
  • Gender:Male
  • Location:Russia, Novosibirsk
  • Interests:IT safety

Posted 18 May 2011 - 06:17 PM

Conducted test with by the rootkit, the system after the treatment of your utility is not loaded, you can comment?



#13 KIRGOFF

KIRGOFF

    Newbie

  • Members
  • 19 posts

Posted 18 May 2011 - 06:22 PM

oh.. Bitdefender 2012 can disinfect a mbr? please answer

#14 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 19 May 2011 - 11:39 AM

QUOTE (Rampant @ May 18 2011, 07:17 PM) <{POST_SNAPBACK}>
Conducted test with by the rootkit, the system after the treatment of your utility is not loaded, you can comment?



Interesting test.
We've made the exact same steps and everything worked just fine.
To provide you an accurate answer we require the virtual image.

#15 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 19 May 2011 - 12:00 PM

QUOTE (KIRGOFF @ May 18 2011, 07:22 PM) <{POST_SNAPBACK}>
oh.. Bitdefender 2012 can disinfect a mbr? please answer


Yes,it can.

#16 KIRGOFF

KIRGOFF

    Newbie

  • Members
  • 19 posts

Posted 19 May 2011 - 01:30 PM

QUOTE (Cristi Raducu @ May 19 2011, 12:00 PM) <{POST_SNAPBACK}>
Yes,it can.



Rampant, please test it!

#17 KIRGOFF

KIRGOFF

    Newbie

  • Members
  • 19 posts

Posted 19 May 2011 - 06:06 PM

I Make it.See

Platform: VMWARE WORKSTATION

Windows 7 x32

infect test platform with tdl4 , make a full system scan with bitdefender 2012 beta.

See a screenshots :

result:

http://i4.imageban.r...5cbee4f4ced.jpg

http://i3.imageban.r...29a2b9f17a6.jpg

---------------------------------------

don't delete

http://i1.imageban.r...8ca956797aa.jpg

----------------------------------------

dont move to quarantine

http://i4.imageban.r...c1b9f345374.jpg

---------------------------------------

what i must to do?

http://i2.imageban.r...dd7cc977d85.jpg

---------------------------------------

reboot, and scan with Hitman Pro

http://i4.imageban.r...93d56b5a74c.jpg

---------------------------------------

result: bitdefender 2012 beta dont clean MBR


I POST IT IN THE http://bd2012beta.be...com/thread/5594

virus sample in the topic http://bd2012beta.be...com/thread/5594

Edited by KIRGOFF, 19 May 2011 - 06:08 PM.


#18 Cristi

Cristi

    Technical Support

  • Technical Support
  • PipPipPipPipPip
  • 1,575 posts
  • Gender:Male
  • Location:BD HQ

Posted 19 May 2011 - 07:06 PM

You asked whether if it can disinfect a MBR and you did not reefer to TDL.
TDL at this moment can be disinfected only using that removal tool.

Your question was general like: Can it delete viruses?

#19 KIRGOFF

KIRGOFF

    Newbie

  • Members
  • 19 posts

Posted 19 May 2011 - 07:09 PM

QUOTE (Cristi Raducu @ May 19 2011, 08:06 PM) <{POST_SNAPBACK}>
You asked whether if it can disinfect a MBR and you did not reefer to TDL.
TDL at this moment can be disinfected only using that removal tool.


bitdefender 2012 when it be in realise, can disinfect tdl ? please make it function!!!

#20 KIRGOFF

KIRGOFF

    Newbie

  • Members
  • 19 posts

Posted 19 May 2011 - 07:11 PM

or integrate removal tool into bitdefender 2012!

i am from Russia, i know english not good)

Edited by KIRGOFF, 19 May 2011 - 07:16 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users