Results 1 to 9 of 9

Thread: How can I remove "tdlwsp.dll" rootkit?

Hybrid View

  1. #1
    joems Guest

    Default How can I remove "tdlwsp.dll" rootkit?

    Zone Alarm virus scan detected the following virus, but gives an error when I try to remove it:
    "Memory: was found in \\?\globalroot\device\ide\ideport1\owprppbw\owprpp bw\tdlwsp.dll on 9/21/2009 7:35:32"

    The virus seems to be a browser hijacker. When I click on a web link, I usually get taken to some other site, often a shopping or advertising site, rather than the link I clicked on.

    What can I do to remove this virus from my system? Thanks for your help.

    Joel

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: How can I remove "tdlwsp.dll" rootkit?

    Hi!
    try to follow all steps as detailed in the sticky thread here.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    joems Guest

    Default Re: How can I remove "tdlwsp.dll" rootkit?

    Hi Fax,

    Sorry if I'm being dense, but where's the "sticky thread"? I didn't see a link in your reply.

    Thanks again,
    Joel

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: How can I remove "tdlwsp.dll" rootkit?

    It is just the first message in this page. it is always there. It is sticky and will be always the first in the "malware discussion" section

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    joems Guest

    Default Re: How can I remove "tdlwsp.dll" rootkit?

    I followed the steps in the Sticky note, but I've still got the virus. Zone Alarm detects it, but can't remove it (still give an error). MBAM detects it, says it will remove it on reboot, but the virus is still there after I reboot (I know this because MBAM detects it again after I reboot and run a scan, and my browser continues to be hijacked). Super-antispyware doesn't detect it.

    I'm currently running Zone Alarm 8. Do you think Zone Alarm 9 would be able to remove it? Any other ideas on how I can get rid of this virus?

    Thanks,
    Joel

  6. #6
    Hiero2 Guest

    Default Re: How can I remove "tdlwsp.dll" rootkit?

    Joe:

    I've got a machine suffering from a similar RAM resident dll virus/trojan. Mine hijacks the default browser to fake AV ransome-ware web sites. I've been unsuccesfull in cleaning it, and I believe that there is ultimately only the final solution: wipe the hdd and reinstall.

    I could be mistaken, but I'm pretty sure that this type of trojan has been built with the old RAM resident viruses capacity of hiding in RAM until shutdown, then writing to the hard drive, possibly even to the boot area. It's been so long since I've dealt with these, I've forgotten how they worked!

    Regardless, this is not usually the answer somebody prefers to hear (reboot from CD, format, and reinstall), but it may be your best solution.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •