5 replies to this topic

[matrixdude171]

I've run MBAM, Live OneCare, Microsoft Essentials, Norton, Avast, etc, and none of them can get rid of this. MBAM finds it and gets rid of it but it's always back when I reboot, same goes for Avast, and all of Microsoft's tools. I'm really fustrated with this rootkit because it always comes back upon reboot, can someone please help me?

[John R.]

Yep, I have had the same thing for about a month. And we are not alone. It seems to be cropping up all over recently. I've been researching it and see lots of chatter about it. I've seen HJT logs galore and pages and pages of posts with every kind of tool out there being suggested and posting log after log from these tools in virus/malware/trojan forums, and lots of experts trying to help, but so far the only solution I have seen that worked for anyone is reformatting and reinstalling the OS.

Some malware programs seem to identify it (Windows Defender found it for me) and they say they are removing it, but it comes back immediately.

To my knowledge, no one has a fix for this yet. It's the toughest one I have ever seen.

This file:
tdlwsp.dll

Is part of the problem. But there is obviously more to it.

Someone needs to get on this one and post some serious information (or hopefully a tool!) about removal.

[matrixdude171]

I've seen other forums solve it, which is why I've been going around trying to get help. The avast antivirus forum doesn't know any way to fix it if you can't run rootrepeal, which keeps on freezing on me.

[John R.]

I've read a lot of forums about it and seen books full of logs posted. I've seen a few that seem to have "solved" it, but I'm not convinced they did because the solutions made no sense. I'll bet if you followed up with those people you would find out it came back.

After pages and pages of logs, most of the "solutions" I have seen involved giving up and reformatting.

I haven't seen anything that convinces me that anyone has a reliable solution for this yet.

A number of free and commercial products seem to be able to find it, but none I have read about are able to remove it (even though they say they do). So clearly even the people who design these things still don't have a handle on it. And if these guys don't know how to fix it, who does?

[screen317]

Hi and welcome to Malwarebytes.

My apologies for the delay. Do you still need help?

-screen317

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!