It seams like every other client who complains that they have a fake anti-virus also a TDSS Rootkit. Doing a quick search on how to get rid of a rootkit usually leads you right to Kaspersky’s TDSS Killer. It’s a fine little app when it opens and runs, but these days that’s a rare occasion. Why? The rootkit is preventing it from running.
Here’s what you can do to get rid of the rootkit on the system. Keep in mind there are lot’s of ways to do this, I’m just going to cover a few.
- Start the PC in safemode and try to run TDSS Killer. While the success rate of this method is low, I’ve used it a few times and it has worked.
- Download the TDSS Killer .exe instead of the zip. Sometimes the .exe is a newer version of the TDSS Killer.
- Make a Kaspersky Rescue Disk (how to create and use a Kaspersky Rescue Disk instructions) and scan boot sectors along with c:\windows\system32 (you have to click add for this one). The rootkit will be found and disinfected. After that you should scan your PC with Malwarebytes to get rid of any left overs.