TDSS modified by boot entry

[Legalegl]

I am using Windows 7 Home Premium.
I was attacked by TDSS and removed it with the Norton Removal Tool. However the computer would not get to the login after that. System restore would not restore and I was stuck
After several hours on the web I found that I could hit the F10 key on startup and would be able to edit the boot entry...which was
[NOEXECUTE -OPTIN /MINIT ] I deleted the /MINIT entry and the computer restarted fine. However I have to do this every time I restart the computer and BCDEDIT to modify anything would be deadly for me..though I did make a backup.
Is there anyway to edit the bootup options to save the changes ? I looked at EasyBCD but don't have a clue what to do. Thanks

[Zonie]

To clarify, are you talking about the boot.ini file or are you asking about the MBR. Usually a TDSS virus affects the MBR and has to be cleaned with something like TDSSKiller, or you have to boot with the OS cd and go into the recovery console and run the fixmbr command. None of this is a guarantee since there is a new TDSS virus that requires a complete wipeout and reinstall.

[Legalegl]

It's the MBR since this is Windows 7. I don't know how to edit out the change.
I wish it was boot.ini, then I could clear it up in Notepad ! I wish Windows had a better idea !
I can continue running F!0 at startup, but it's an aggravation if I don't get to it soon enough it tries to do a repair...and always fails.

Thanks

[Legalegl]

My error. The problem is in the BCD boot configuration data which is a replacement for the old boot.ini in Windows 7. BCDedit works with it but is entirely indecipherable to me. EasyBCD has no way to modify that particular enty that I can see.

[Platypus]

Legalegl, I'd recommend following through with the assistance of Broni on VirtualDr. Cross-currents from two streams of advice can be confusing and counterproductive, and Broni is a capable and thorough malware analyst.

While automatic malware removal tools are useful, their actions may leave side issues or variant strains not fully eradicated, and the scan logs requested by Broni are the only way to be completely sure what's happening and to know you're fully clear of the infection.

[Legalegl]

I did end up using the Bootrec.exe per microsoft.

bcdedit /export c:\BCD_Backup
c:\
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd

It was suggested to me by a poster on Virtual Dr., and it worked perfectly.
I wish I had posted earlier on VirtualDr, and here as I might not have had the problem in the first place...Alles van die beste

[Legalegl]

My apologies. It was a post from Microsoft Answers, not Virtual Dr.
The response from Windrivers and VirtualDr were both rapid and important as I was in a real quandry. Thanks again.

[slgrieb]

Glad you got your system working, but most Windows 7 Boot issues can be resolved by running the Startup Repair tool. I hope you don't misunderstand me, but many users want to over-complicate the repair process. These days, most third party utilities and tools are either unnecessary, or dangerous.

[Legalegl]

I agree. Windows ran many times with startup repair, and failed continually. It would have been successful except for the bad boot entry. System restore failed as well as all other options.
I looked all over for a way to save the changes made with the F10 option on startup, which would have been an easy way to fix the system...but no luck.a

Thanks

[Niclo Iste]

TDSS has recently been modified and is reported to be a bit stronger than before. I haven't gotten to test yet since this report but last time I used it Kaspersky's TDSS Killer does wonders on this nasty. I suggest running that and then following slgrieb's advice.