<?xml version="1.0" encoding="UTF-8"?><rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
> <channel><title>Comments on: Removing and Cleaning Up TDSS Guide for 1/2010</title> <atom:link href="http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/feed/" rel="self" type="application/rss+xml" /><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/</link> <description>Antivirus Reviews For 2011 / 2012, Tools and How To&#039;s</description> <lastBuildDate>Tue, 07 Feb 2012 03:52:00 +0000</lastBuildDate> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /> <item><title>By: Josh</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-6939</link> <dc:creator>Josh</dc:creator> <pubDate>Fri, 25 Jun 2010 11:43:56 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-6939</guid> <description>TDSSKiller has gotten a lot better at removal since last update, months went by where it was essentially useless. GMER and Rootrepeal usually can rip through most generic system file modifications, but the rest you either need something like Combofix or resort to pre-windows environments. BTW, posts up there say that Kaspersky brought PC to a crawl... Kaspersky is moderately heavy on resources, especially at first until the drive is indexed by engine, but it wouldn&#039;t make the machine slow down to a crawl unless there was competing software.</description> <content:encoded><![CDATA[<p>TDSSKiller has gotten a lot better at removal since last update, months went by where it was essentially useless. GMER and Rootrepeal usually can rip through most generic system file modifications, but the rest you either need something like Combofix or resort to pre-windows environments. BTW, posts up there say that Kaspersky brought PC to a crawl&#8230; Kaspersky is moderately heavy on resources, especially at first until the drive is indexed by engine, but it wouldn&#8217;t make the machine slow down to a crawl unless there was competing software.</p> ]]></content:encoded> </item> <item><title>By: Shane</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-6875</link> <dc:creator>Shane</dc:creator> <pubDate>Sat, 12 Jun 2010 05:27:18 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-6875</guid> <description>Kaspersky detected and cleaned my friend&#039;s TDSS infection, but IE would still redirect to other sites.  After much fussing around, turns out the &quot;hosts&quot; file in the \WINNT\system32\drivers\etc had been highly modified by the trojan.  To fix this, either copy a hosts file from a known good system without redirects or Dr. Web Cureit will detect a modified hosts file and offer to reset it for you.</description> <content:encoded><![CDATA[<p>Kaspersky detected and cleaned my friend&#8217;s TDSS infection, but IE would still redirect to other sites.  After much fussing around, turns out the &#8220;hosts&#8221; file in the \WINNT\system32\drivers\etc had been highly modified by the trojan.  To fix this, either copy a hosts file from a known good system without redirects or Dr. Web Cureit will detect a modified hosts file and offer to reset it for you.</p> ]]></content:encoded> </item> <item><title>By: Daniel Snyder</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-6744</link> <dc:creator>Daniel Snyder</dc:creator> <pubDate>Fri, 28 May 2010 07:17:47 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-6744</guid> <description>Yeah TDSSKILLER from Kaspersky only works in some cases.  The TDSS rootkit is being mutated by its developers quicker than Kaspersky can keep up.  Manual removal is the best way.  Tools like the mentioned Dr. Web Cureit!, OTL and combofix are effective.</description> <content:encoded><![CDATA[<p>Yeah TDSSKILLER from Kaspersky only works in some cases.  The TDSS rootkit is being mutated by its developers quicker than Kaspersky can keep up.  Manual removal is the best way.  Tools like the mentioned Dr. Web Cureit!, OTL and combofix are effective.</p> ]]></content:encoded> </item> <item><title>By: Daniel Snyder</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-6743</link> <dc:creator>Daniel Snyder</dc:creator> <pubDate>Fri, 28 May 2010 07:16:18 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-6743</guid> <description>I posted my procedure for dealing with TDSS on my blog here http://www.infocarnivore.com/2010/05/19/defeated-backdoor-tdss-565/</description> <content:encoded><![CDATA[<p>I posted my procedure for dealing with TDSS on my blog here <a
href="http://www.infocarnivore.com/2010/05/19/defeated-backdoor-tdss-565/" rel="nofollow">http://www.infocarnivore.com/2010/05/19/defeated-backdoor-tdss-565/</a></p> ]]></content:encoded> </item> <item><title>By: richard</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5561</link> <dc:creator>richard</dc:creator> <pubDate>Sat, 30 Jan 2010 18:39:49 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5561</guid> <description>my pc was infected about a month ago with a tdss trojan(packer) i had loads of rogue pc scanners one in particular pc security(fake windows)unfortunately my wife bought the product which is what they wanted anyway i downloaded malwarebytes,superantispyware and avira none of them picked up this tdss(trojan) i am new to computers so i had no understanding of what was causing my redirection i downloaded avg&#039;s rootkit detection that never found nothing i continued this process for about 3 weeks i was on the verge of taking my pc to a shop for repair or reinstall the complete system then i downloaded kaspersky &quot;tdsskiller&quot; which picked up numerous infections in my registry atapi rebooted my computer and its been fine ever since it must rank as one of the worst infections for the sheer amount of control it exerts rendering your computer useless anyway i would recommend kasperskys tdss killer for the removal of these nasty rootkits</description> <content:encoded><![CDATA[<p>my pc was infected about a month ago with a tdss trojan(packer) i had loads of rogue pc scanners one in particular pc security(fake windows)unfortunately my wife bought the product which is what they wanted anyway i downloaded malwarebytes,superantispyware and avira none of them picked up this tdss(trojan) i am new to computers so i had no understanding of what was causing my redirection i downloaded avg&#8217;s rootkit detection that never found nothing i continued this process for about 3 weeks i was on the verge of taking my pc to a shop for repair or reinstall the complete system then i downloaded kaspersky &#8220;tdsskiller&#8221; which picked up numerous infections in my registry atapi rebooted my computer and its been fine ever since it must rank as one of the worst infections for the sheer amount of control it exerts rendering your computer useless anyway i would recommend kasperskys tdss 
killer for the removal of these nasty rootkits</p> ]]></content:encoded> </item> <item><title>By: vB</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5538</link> <dc:creator>vB</dc:creator> <pubDate>Tue, 26 Jan 2010 18:04:52 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5538</guid> <description>Since I found this site to be helpful I thought I would add a few details of my own cleanup. My neighbor was hit with Personal Security and apparently TDSS, if they aren&#039;t the same thing, and fell for the ruse. He gave them his credit card number. The next day he couldn&#039;t boot his machine and was receiving the 0000007b STOP code on start-up. Atapi.sys was definitely infected, but replacing it with a good file both in system32 and dllcache didn&#039;t do the trick. I was able to boot to Last Known Good, but the machine almost immediately forced me to reboot once Windows was up. The next time I received 0000007b on Normal, Safe, and Last Known Good start-ups. While in BartPE I noticed that there was an entry under Services in the registry for Atapi, but not in the registry for the imported registry. I checked my own machine and sure enough there was an entry for Atapi, but not in the infected machine under any of the ControlSet00xs (of which there were three). I imported the key from a good machine to all three control sets and the machine was then able to boot. So if anyone else is still getting 0000007b after cleaning the atapi.sys file try searching in the registry for the Atapi service under HKLM\System\ControlSet001\services.</description> <content:encoded><![CDATA[<p>Since I found this site to be helpful I thought I would add a few details of my own cleanup. My neighbor was hit with Personal Security and apparently TDSS, if they aren&#8217;t the same thing, and fell for the ruse. He gave them his credit card number. The next day he couldn&#8217;t boot his machine and was receiving the 0000007b STOP code on start-up. Atapi.sys was definitely infected, but replacing it with a good file both in system32 and dllcache didn&#8217;t do the trick. I was able to boot to Last Known Good, but the machine almost immediately forced me to reboot once Windows was up. 
The next time I received 0000007b on Normal, Safe, and Last Known Good start-ups. While in BartPE I noticed that there was an entry under Services in the registry for Atapi, but not in the registry for the imported registry. I checked my own machine and sure enough there was an entry for Atapi, but not in the infected machine under any of the ControlSet00xs (of which there were three). I imported the key from a good machine to all three control sets and the machine was then able to boot. So if anyone else is still getting 0000007b after cleaning the atapi.sys file try searching in the registry for the Atapi service under HKLM\System\ControlSet001\services.</p> ]]></content:encoded> </item> <item><title>By: Another Fix For Unauthorized Google Redirects [Security] &#124; Technology</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5405</link> <dc:creator>Another Fix For Unauthorized Google Redirects [Security] &#124; Technology</dc:creator> <pubDate>Sun, 17 Jan 2010 17:33:36 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5405</guid> <description>[...] possible solution has been posted at the Remove Malware website. It is a thorough way that takes longer than just running the Kaspersky [...]</description> <content:encoded><![CDATA[<p>[...] possible solution has been posted at the Remove Malware website. It is a thorough way that takes longer than just running the Kaspersky [...]</p> ]]></content:encoded> </item> <item><title>By: bryan</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5330</link> <dc:creator>bryan</dc:creator> <pubDate>Sat, 09 Jan 2010 00:47:04 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5330</guid> <description>Matt, After rootkit removal,  are you considering threatfire in combination with MSE?  I have settled on MSE, Threatfire, and Immunet together as a really good light alright combination with the windows firewall.  As of this posting, Immunet is up to protection against 6,231,897 threats.  Bryan</description> <content:encoded><![CDATA[<p>Matt, After rootkit removal,  are you considering threatfire in combination with MSE?  I have settled on MSE, Threatfire, and Immunet together as a really good light alright combination with the windows firewall.  As of this posting, Immunet is up to protection against 6,231,897 threats.  Bryan</p> ]]></content:encoded> </item> <item><title>By: kenneth</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5322</link> <dc:creator>kenneth</dc:creator> <pubDate>Fri, 08 Jan 2010 12:29:57 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5322</guid> <description>mse. &amp; kis 2010 detects ubcd4win as a potential threat, on both my pc`s</description> <content:encoded><![CDATA[<p>mse. &amp; kis 2010 detects ubcd4win as a potential threat, on both my pc`s</p> ]]></content:encoded> </item> <item><title>By: Thomas</title><link>http://remove-malware.com/antimalware/anti-malware-howto/removing-and-cleaning-up-tdss-guide-for-12010/#comment-5320</link> <dc:creator>Thomas</dc:creator> <pubDate>Fri, 08 Jan 2010 09:48:23 +0000</pubDate> <guid
isPermaLink="false">http://remove-malware.com/?p=1966#comment-5320</guid> <description>Yes. i&#039;d ask that question too.
Avira or MSE</description> <content:encoded><![CDATA[<p>Yes. i&#8217;d ask that question too.<br
/> Avira or MSE</p> ]]></content:encoded> </item> </channel> </rss>
