TDSS, TDSServ and Other Rootkit Removal

This post was written by admin on August 15, 2009
Posted Under: Free PC Security,Free Program,TDSS Removal,TDSServ Removal

Click here for updated TDSS Removal

TDSS, TDSServ and other associated rootkits have infected a lot of computers. They are frequently installed by rogue applications or as simple 'driveby' downloads.

Removing them has always been a pain in the butt and causes a lot of frustration to those infected with them: they often block security programs, rename files and folders and redirect browser searches.

I have previously covered different methods for removing malware infections, ranging from cleaning the Hosts file and renaming EXE files to using Process Explorer to kill running processes.

There is one free program that will remove many rootkits, including TDSS and its variants: AVG Anti-Rootkit from AVG Technologies.

AVG discontinued the standalone Anti-Rootkit with the release of AVG V8 and incorporated it into the paid version only.

The last update to the Anti-Rootkit standalone program was in February 2009, but it remains a powerful rootkit remover.

The Rootkit Remover link is at the end of this article, but first clean your temporary files, either with CCleaner or manually as follows:

If using Vista:

  • Click on Start, type %temp% in the search box and hit Enter. This opens the folder designated as the Temporary folder.
  • To remove everything inside the Temp folder, click on the Organize button and then choose Select All from the menu. If prompted that there are hidden files in this folder, just click on OK to bypass the message.
  • Then hit your Delete key, or click the Organize button on the toolbar menu followed by the Delete option. You will probably be prompted to confirm that you wish to Delete Multiple Items. Click on Yes to confirm.
  • After all of the files have been deleted you can close the folder window and empty your Recycle Bin, permanently removing the files from your PC.

If using XP:

  • Click on Start and then Run.
  • In the text box in the Run window, type %Temp% and click OK. A folder full of files and other folders will open. All of the folders and files you see in this Temp folder are no longer being used by Windows XP and can safely be deleted.
  • To remove everything inside the Temp folder, choose Edit and then Select All from the menu. If you are prompted that there are hidden files in this folder, just click on OK to bypass the message.
  • Now that all of the files and folders are selected, hit your Delete key or choose File and then Delete from the menu.
  • Confirm deletion by clicking Yes on the Confirm Multiple File Delete window that opens.
  • After all of the files have been deleted you can close the window and empty your Recycle Bin, permanently removing the files from your PC.

In either case, you may receive an 'Error Deleting File or Folder' message while the files are being deleted. This is because one of the files is in use by a program. Click OK, close all open programs, and repeat the steps above. If you still receive the message, try rebooting your PC and repeating the process.
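The same clean-up can be done without clicking through Explorer. The following PowerShell function is an added example and is not part of the original post: it clears the folder that %Temp% opens, but instead of stopping at the first 'Error Deleting File or Folder' it skips anything still in use, lists those items at the end and returns them, so you know whether a second run after closing programs or rebooting is needed. It assumes the logged-on user's Temp folder is the one to clean, as in the manual steps above.

```powershell
# Added example, not part of the original post: clears the current user's Temp
# folder (the one the %Temp% shortcut opens) the way the manual steps do, but
# skips files that are in use and reports them instead of stopping at the first
# 'Error Deleting File or Folder' message.
function Clear-TempFolder {
    param([string]$Path = $env:TEMP)   # %Temp% for the logged-on user

    $locked = @()

    # Deepest paths first, so files are removed before the folders holding them.
    $items = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Sort-Object -Property FullName -Descending

    foreach ($item in $items) {
        # A parent folder removed earlier may already have taken this item with it.
        if (-not (Test-Path -LiteralPath $item.FullName)) { continue }
        try {
            Remove-Item -LiteralPath $item.FullName -Force -Recurse -ErrorAction Stop
        } catch {
            # Typically 'file in use by another process'; note it and carry on.
            $locked += $item.FullName
        }
    }

    if ($locked.Count -gt 0) {
        Write-Host "Could not delete $($locked.Count) item(s) still in use:"
        foreach ($p in $locked) { Write-Host "  $p" }
        Write-Host "Close open programs (or reboot) and run this again."
    } else {
        Write-Host "Temp folder cleared: $Path"
    }
    return $locked
}

Clear-TempFolder
```

Items left behind are exactly the ones that would have produced the error message in Explorer; after closing programs or rebooting, calling Clear-TempFolder again finishes the job.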

Double click 'avgarkt-setup' to install AVG Anti-Rootkit; you must then reboot to complete the installation.

Important Note:
If using Vista you need to turn off UAC first or AVG Anti-Rootkit won't run.

Once you have rebooted, if you have a rootkit infection, open Task Manager, click on TDSS.exe, TDSServ.exe or other strange applications such as install.exe or install[1].exe, and click End Process.
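If you prefer to do this step from a console, the following PowerShell function is an added example (not from the original post). It looks for the process names the post mentions, prints each one's PID and the path it runs from so you can check it before acting, and ends it; run it with -ListOnly first to see what is there without stopping anything. The name list is taken from the post; everything else is assumed.

```powershell
# Added example, not part of the original post: finds the process names the
# post tells you to end in Task Manager, shows where each one runs from so you
# can check it, and ends it. Run with -ListOnly first to look without stopping.
function Stop-SuspectProcess {
    param(
        [string[]]$Names = @('TDSS', 'TDSServ', 'install', 'install[1]'),  # names from the post
        [switch]$ListOnly
    )

    # Filter with -contains rather than Get-Process -Name, because the square
    # brackets in 'install[1]' would otherwise be read as a wildcard pattern.
    $found = Get-Process | Where-Object { $Names -contains $_.ProcessName }

    foreach ($proc in $found) {
        # Path can be unreadable for processes running under another account.
        $path = '<unavailable>'
        try { if ($proc.Path) { $path = $proc.Path } } catch { }
        Write-Host ("PID {0,6}  {1,-14} {2}" -f $proc.Id, $proc.ProcessName, $path)

        if (-not $ListOnly) {
            try {
                Stop-Process -Id $proc.Id -Force -ErrorAction Stop
                Write-Host "  ended"
            } catch {
                Write-Host "  could not end: $($_.Exception.Message)"
            }
        }
    }

    if (-not $found) { Write-Host "None of the listed names is running." }
    return $found
}

Stop-SuspectProcess -ListOnly
```

The path printed for each match is the useful part: a legitimate installer's install.exe sits somewhere you recognise, whereas a copy running from the Temp folder or a system directory it has no business in is the one the post is talking about.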

There should be an AVG Anti-Rootkit Free shortcut on the desktop; simply double click it to run, click on 'Perform in-depth search', select your drive(s) and remove all that it finds.

Please be patient and allow the program to fully scan your drive.

Follow this by downloading Norman Malware Cleaner; install and run the program, which will remove ALL infections found.

Also carry out an Intelli-Scan with Spyware Doctor. It's part of Google Pack, so I would suggest that you untick ALL boxes except Spyware Doctor and uninstall Google Updater after installation through Add / Remove Programs.

Download Spyware Doctor Starter Edition here
Download AVG Anti-Rootkit Free Here

Related article:
TDSS Removal - Updated September 2009
