This is another reason why I don't use Windows any more; this is a Windows experience I had.
This is a 3rd generation TDL rootkit (TDL3).
For 1 week I fought with this nasty wee rootkit. I tried loads of online scanners and rootkit scanners; nothing helped. Then I searched for .dlls sorted by date, found a couple which looked shady, googled them and, sure enough, malware. After deleting them I was still getting redirects, and the bugger fried a 250GB external HDD by writing malicious code to disk, so I lost all the data; it was full of bad sectors, I've never seen an HDD so corrupt. I also noticed that my C: drive was not showing in Disk Management, and all drive letters in removable drive ports had exclamation marks. I tried updating drivers to no avail, all the while still getting redirects in Google search from directdr.com and urbtk.com.

Everyone told me to format C: and I was just about to when I thought I'd roll the dice once more. I'd read on forums that ComboFix wouldn't run on Windows 7, but as I was going to format anyway I decided to give it a go. If anyone is trying this fix, please disable all scanners (AV & adware) and firewall/Windows Defender. I ran ComboFix in safe mode, got a warning about compatibility issues, then a box telling me that ComboFix was only a beta build; I clicked yes to let it proceed. Very important: do not touch your keyboard or mouse unless prompted whilst ComboFix is running. It had barely started the scan when "rootkit activity detected" came up and ComboFix needed to reboot the machine. I let it boot into normal mode and ComboFix carried on till it finished its 50 stages, then told me nvstor.sys was infected and disinfected (explains the HDD issues, it's the HDD controller). Since then (yesterday) the machine has been running like new.

Once completed, search for .tdl files on C:. yk62x86.dll, vp7vfw.dll, umstartup.etl, startup.etl, nvstor.sys [affected TDL3 files]. Three cheers for ComboFix, the only thing that found and killed this nasty wee sleekit beastie.
P.S. * Stay away from cracks/keygens; crack really does f**k you up.
* Sysinternals Forums – Rootkit TDL 3 – Page 1
HijackThis and GMER are useless against this, and so are most AV scanners. Hitman Pro 3.5 detects and removes TDL3/4 rootkits; I stick with ComboFix. Apparently this rootkit is spreading like wildfire. It goes undetected as it enters via spools.exe, which is a trusted Windows file, then injects malicious code into winlogon.exe. If your AV has flagged any activity in the spools folder lately, you've been bitten. Took me 1 week to clean; I wouldn't give in, with everyone telling me to format and reinstall, but my motto is "no surrender".
If you use the Windows machine for online banking/shopping I recommend formatting and doing a clean install; some backdoors in Windows just can't be closed.