Rootkit using SPTD


    I struggled for months to get rid of a browser redirect virus. Its characteristic was that it hijacked google-analytics to 93.115.241.28 and so it would hijack my clicks to unintended sites. I have no idea how I got it, but finally 'TDSSKILLER' found the problem in the daemon SPTD file. I removed it and then reinstalled daemon lite. That seems to have fixed my problem!

  • #2
    Some TDSSKiller versions rate SPTD as locked/suspicious (which is normal due to its functional principle), but not malicious/infected.
    But for the sake of completeness: I've also read once about a TDL3 infection on SPTD.sys.
    Do you still have the TDSSKiller log file in C:\ ?
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.



    • #3
      As you say, TDSSKiller labeled it locked/suspicious. The significant thing to me is that after I removed it and reinstalled DT, the redirect was gone AND tdsskiller no longer noted it. BUT - since then, I now have the problem back!! Now tdsskiller does not find anything, but ping of google-analytics takes me to 173.194.73.106. At this point I am totally frustrated!

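The symptom in the posts above is a well-known hostname (google-analytics) resolving to an address the user did not expect. One quick, offline check a defender can run is to look for hosts-file entries that override such names; the script below is an added example, not code from this thread or from Disc Soft, and the hosts contents it scans are constructed for illustration (the 93.115.241.28 address is the one quoted in the first post). It only covers the hosts-file mechanism; in this thread the culprit was reported to be a driver, so an empty result here does not rule out a lower-level hook.

```python
"""Scan hosts-file text for entries that override watched hostnames.
Added example (not from the forum thread); SAMPLE_HOSTS is constructed."""
import ipaddress
import re

# Assumption: a hosts-file mapping of these names to anything other than a
# loopback address is unexpected and worth a closer look.
WATCHED_HOSTS = {"google-analytics.com", "www.google-analytics.com"}

# Constructed sample in Windows hosts-file layout. The third entry mirrors the
# redirect described in the thread; the last one is a typical benign ad-block line.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
93.115.241.28   google-analytics.com www.google-analytics.com
127.0.0.1       ads.example.net   # ad-blocking entry, benign
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored; lines whose
    first field is not a valid IPv4/IPv6 address are skipped as malformed.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address
        for name in fields[1:]:
            yield addr, name.lower()


def suspicious_overrides(text, watched=WATCHED_HOSTS):
    """Return {hostname: ip} for watched names mapped to a non-loopback address.

    Loopback mappings (127.0.0.1, ::1) are treated as deliberate blocking rather
    than redirection, so they are not reported.
    """
    hits = {}
    for addr, name in parse_hosts(text):
        if name in watched and not addr.is_loopback:
            hits[name] = str(addr)
    return hits


if __name__ == "__main__":
    # On a real Windows machine you would read
    # %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE_HOSTS.
    for host, ip in suspicious_overrides(SAMPLE_HOSTS).items():
        print(f"{host} is overridden to {ip}")
```

Run it against the real hosts file by reading that file into `suspicious_overrides`; anything it reports should be compared with what an independent resolver returns for the same name before drawing conclusions.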


      • #4
        Again: do you still have the TDSSKiller log file?

        Personally I would install from scratch with such a compromised system.
        You never know how many backdoors have been opened so far.

        As an interim solution you can try the sledgehammer app 'Combofix' AFTER you've made backups of important data.
        ComboFix Download
        Combofix deletes and resets many things without asking so use it at your own risk.
        I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.
