How do I remove the Rootkit.Win32.TDSS infection on my computer? I searched and found out it is a rootkit. What is that exactly?
A rootkit is one of the dirtiest infections on the internet today. While most other infections like to pride themselves on taking control of your machine by parading around with massive banners and ugly programs, a rootkit discreetly takes control of a computer and tries to act as if everything is normal.
The infection you have is one of the newest infections, and there is a specific tool for removing it from your machine.
Download the file TDSSKiller.zip and extract it to your computer. Run the file and let it create a log on the C:\ drive.
The scan may take some time, but it should remove the infection without requiring a reboot. You can watch the progress of the removal in a black CMD window.
TDSSKiller will search your computer's registry for infected files or hidden files that are trying to “play it cool” and lie low in the background. Once it finds and removes the infection, I recommend a reboot (although it may not be necessary) and a scan with your favorite anti-virus software.
8 Responses
Mark
February 13th, 2010 at 12:45 am
I've tried running tdsskiller several times, and every time I get the following message:
TDSS rootkit removing tools, Kaspersky Lab, 2010
version 2.2.3 Feb 4 2010 14:34:00
SetPrivileges failed!
Driver load error!
Press any key to continue . . .
Am I doing something wrong?
Mobile PC Rescue
March 4th, 2010 at 3:44 am
Worked a treat on a customer's PC = KIS 2010 & Malwarebytes failed to remove the rootkit, this did it in 5 seconds, and then a reboot.
Thanks to Kaspersky Lab for such a great fix.
Message to Mark above: you may need to use an Administrator account. If you're still stuck, post on the Kaspersky forum, as it's their program - good luck.
Steve
Peter
April 1st, 2010 at 3:24 am
I have been trying to remove this virus for the past 2 weeks. Tried everything. I just ran the program, as is, and re-booted. Took less than 10 seconds to remove. Re-scanned with KIS 2010 (which detected it in the first place but failed to remove it) and no sign of it now.
Thank you very much for the program.
Geoff
April 11th, 2010 at 7:37 am
Many many thanks for this excellent little tool. As with Mobile PC Rescue and Peter, I have had this identified but not removed by many scanners (Malwarebytes, AVG, SUPERAntiSpyware). In a few seconds and 1 reboot... GONE. Thank you again!!
Rootkit.Win32.tdsl removed!!
Doug
April 21st, 2010 at 5:36 am
Used this tool, says it cleans, after reboot it's reinfected. Tried in safe mode, no success. Tried replacing the atapi.sys file that was infected using a boot CD, after reboot it's still infected. Using the KIS rescue ISO file now to scan it! Seems to be a new variant that TDSSKiller struggles to clean. Used this program in the past and can't fault it.
Tom
May 2nd, 2010 at 11:47 pm
Having the same problem as Doug. It finds the problem, reboots and the atapi.sys file is still infected.
Blair
May 3rd, 2010 at 1:23 am
The TDSS rootkit is updated often. TDSSKiller often takes a few days, or even weeks to catch up. If you have a variant not removed by TDSSKiller, you should ask for help removing it in the forums here at WhatTheTech. Start here.
RedNose
June 11th, 2011 at 5:45 am
The screenshot displayed is very old. Now TDSSKiller has a GUI interface and does not show any such CLI interface.