TDSS rootkit - How to remove?
TDSS Rootkit, or TDSS, is a Trojan designed to work together with other malware. Once this rootkit manages to get inside the system, it downloads and executes other threats, interrupts its victims with annoying ads and prevents them from using security and other programs. It is known under several names, such as Alureon, TDL3 and TDL4, and is one of the most advanced and aggressive rootkits today.
Designed to be one of those completely annoying infections, TDSS stays invisible and in the meantime lets more malware come inside. While it stays unnoticed by legitimate anti-malware programs and by Windows, its victims should pay attention to the signs that usually appear once this infection gets inside the system. One of those symptoms is annoying Google redirects: instead of reaching the website you want, you are redirected to another one, in most cases a commercial one. Note that you shouldn’t fall for the products they promote, because most of these websites are completely malicious. As we have already said, TDSS also prevents you from starting various programs, like anti-virus and anti-spyware, because it has a large list of programs that are not allowed to execute. You also won’t be able to access various websites, because the TDSS Trojan simply protects itself from being removed from the system.
TDSS usually uses regular driver names for its files. In some cases, original drivers picked at random are replaced by this rootkit and malicious ones are installed. Older versions used predefined names like Tdssserv.sys or the ones listed below. In most cases you will not see any of these files among the running processes, as rootkits protect their processes from being detected or listed. To prevent deletion, the TDSS virus might also infect the MBR (Master Boot Record, the first sector of the disk), which is executed before Windows boots. This can be fixed by using a Windows boot CD or the tools below.
As you see, TDSS is a serious problem for your computer, so you must eliminate it immediately after detection. If you have noticed this Trojan on your computer, follow this guide to remove TDSS from your computer.
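As an added illustration (not code from the original article), the check below parses a Master Boot Record and compares its bootstrap code against a hash recorded when the system was known clean, which is how a defender would notice the kind of MBR tampering described above. The sample sector and the baseline hash are constructed here; on a real machine the 512 bytes would be read from the physical disk with administrative rights.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440           # bootstrap code precedes the 4-byte disk signature at offset 440
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xAA"  # expected at offset 510

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, boot-signature check and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype != 0:  # partition type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }

def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from clean baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition marked active")
    return findings

def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): one active NTFS-type partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return bootstrap.ljust(BOOTSTRAP_LEN, b"\0") + b"\0" * 6 + entry + b"\0" * 48 + BOOT_SIGNATURE

# Constructed baseline: a few bytes standing in for a known-clean bootstrap, hashed when the
# system was last verified clean. A real baseline would be taken from the actual disk.
CLEAN_BOOTSTRAP = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
CLEAN_HASH = hashlib.sha256(CLEAN_BOOTSTRAP.ljust(BOOTSTRAP_LEN, b"\0")).hexdigest()
```

Run `check_mbr(build_sample_mbr(CLEAN_BOOTSTRAP), CLEAN_HASH)` to see an empty result for the clean sector, and pass a sector with different bootstrap bytes to see the mismatch reported.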
How to remove TDSS Rootkit infection:
- Download TDSSKiller from KasperskyLabs;
- Click on the TDSSKiller.exe icon and rename it to xxx.com (the virus hasn’t been found to block .com files);
- Launch the program: double-click on the icon and choose ‘Run’;
- TDSSKiller should find the TDSS infection and eliminate it. Finally, reboot your computer by clicking the ‘Reboot Now’ button to finish the removal procedure.
More dedicated anti-TDSS tools can be found in our anti-rootkit tools section. However, TDSSKiller is the best, as it works on both 32-bit and 64-bit Windows systems. An alternative approach is to use bootable scanner CDs, though the process is more cumbersome. These programs boot from CDs or USB sticks and scan for TDSS and other parasites.
In addition, you should also run regular anti-virus and anti-malware programs and check the system for additional malware that could have been downloaded by the TDSS rootkit. SpyHunter and Hitman Pro are known to remove at least some versions of the TDSS rootkit; Malwarebytes Anti-Malware has problems with them at the moment but will remove most of the other Trojans.
There are cases when the TDSS rootkit cannot be removed even with TDSSKiller or alternate-OS scanners. These cases are rare, and a different alternate-OS scanner should solve the problem.
Automatic TDSS rootkit removal tools
We might be affiliated with some of these programs. Full information is available in our disclosure.
Important Note: Although it is possible to remove the TDSS rootkit manually, doing so can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to repair themselves automatically if not completely removed. Thus, manual spyware removal is recommended only for experienced users, such as IT specialists or highly qualified system administrators. For other users, we recommend using TDSSKiller or the other tools found on 2-viruses.com.