DARFUNS Message Boards! (TechVTS)
What is Trojan TDSSserv (Trojan Tidserv) and how to remove it?

How to remove trojan TDSSserv

Trojan.TDSSserv, also known as Trojan Backdoor.Tidserv, is a trojan horse that may represent a security risk for the infected computer. The trojan uses rootkit-specific techniques designed to hide its presence in the system and also blocks user access to security websites. Once running, this trojan will display fake security alerts that tell you to install a rogue antispyware application to delete the infection. These alerts are fake and should be ignored!
Use the following instructions to remove trojan TDSSserv (trojan Backdoor.Tidserv).

Step 1: Disable TDSSserv trojan driver.

Right-click the My Computer icon. If you are using the non-classic Start menu, right-click the My Computer icon on your Start menu.
Click Properties.
Click Hardware Tab.
Click Device Manager.
In the top menu, click View and click Show Hidden Drivers.
Scroll down to non Plug and Play drivers.
Click + at left.
In the list of drivers right click TDSSserv.sys.
Click Disable.
Click Yes to confirm.
Close all windows and reboot your computer.

Step 2: Delete TDSSserv trojan driver.

Download Avenger from here and unzip to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Drivers to delete:
TDSSserv.sys

Then click on ‘Execute’.

You will be asked "Are you sure you want to execute the current script?". Click Yes.
You will now be asked "First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?". Click Yes.
Your PC will now be rebooted.

Step 3: Remove TDSSserv trojan files and any associated malware.

Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
Once downloaded, close all programs and windows on your computer (including this one).
Double-click on the icon named mbam-setup.exe to install the application.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select “Perform Quick Scan”, then click Scan.
MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
MBAM will now delete all of the files and registry keys and add them to the quarantine.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The trojan TDSSserv creates the following files:
%Temp%\file.exe
%Temp%\TDSS[RANDOM CHARACTERS].tmp
%System%\drivers\TDSS[RANDOM CHARACTERS].sys
%System%\TDSS[RANDOM CHARACTERS].sys
%System%\TDSS[RANDOM CHARACTERS].dat
%System%\TDSS[RANDOM CHARACTERS].log
%System%\TDSSserv.sys
%System%\TDSSerrors.log
%System%\TDSSservers.dat
%System%\TDSSl.dll
%System%\TDSSlog.
%System%\TDSSmain.dll
%System%\TDSSinit.dll
%System%\TDSSlog.dll
%System%\TDSSadw.dll
%System%\TDSSpopup.dll

Also read this info
How to Disable ‘tdssserv.sys’ Trojan Identified With Update Failure and Redirected Searches
Key Symptoms: (any of the following)
applying software updates does not work
Google searches /Yahoo searches are redirected
AntiVirus / AntiMalware programs are just 'spinning'
often associated with Antivirus XP 2008, Antivirus XP 2009
Predicted Outcome:
Ability to complete the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Ability to update your protection programs: Antivirus, AntiMalware, Rootkit, etc.
Procedural Steps

1. Start -> Run -> Devmgmt.msc -> OK
   On the toolbar, click on View -> "Show hidden devices"
2. Scroll down and locate Non-Plug and Play Drivers
   Click the + sign to expand
3. Search for “TDSSserv.sys”
   More exploits: clbdriver.sys, oUltraf, seneka.sys,
   Right click on it, and select “Disable”
4. Restart your computer
5. Confirm 'TDSSserv.sys' is disabled. Repeat Steps 1-3. Cancel to exit.
6. Begin or resume UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Acknowledgement: Mike, humble PC users everywhere

Technical Details:
Common Names: gogoogle, goyahoo
O20 - AppInit_DLLs: karna.dat is apparent in HJT log
Detected in various scanning programs:
C:\WINDOWS\system32\wini10894.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\karna.dat
C:\WINDOWS\system32\karna.dat
TDSSserv.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk
all software updates redirected to 127.0.0.1 (your own computer) so they won't update.
Modification History

2.2 Add more service names
2.1 Modify title
1.1 Source material from Kimsland
1.2 This is pretty much my limit for addressing technical details for rooting out the infection
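
An added example, not part of the original thread: a Python triage helper that checks a file listing and a set of exported registry values against the indicators listed on this page (the TDSS file names under Step 3, and the karna.dat, brastk and wini10894.exe entries under Technical Details). The function names, input shapes and sample data are assumptions made for illustration; the AppInit_DLLs key path is the standard Windows location and is not quoted on the page.

```python
import ntpath
import re

# Indicators copied from this page's file lists and Technical Details.
# One pattern covers TDSSserv.sys and the TDSS[RANDOM CHARACTERS].* names.
TDSS_NAME = re.compile(r"^tdss.*\.(sys|dll|dat|log|tmp)$", re.IGNORECASE)
COMPANION_NAMES = {"karna.dat", "brastk.exe", "wini10894.exe"}
COMPANION_DIRS = {"\\windows", "\\windows\\system32"}
# %Temp%\file.exe is left out: the name is too generic to match on its own.

def scan_listing(lines):
    """Flag paths from a `dir /s /b` style listing; returns (path, reason) pairs."""
    hits = []
    for raw in lines:
        path = raw.strip()
        folder, name = ntpath.split(path)
        folder = ntpath.splitdrive(folder)[1].lower()
        if TDSS_NAME.match(name):
            hits.append((path, "TDSS-prefixed file"))
        elif name.lower() in COMPANION_NAMES and folder in COMPANION_DIRS:
            hits.append((path, "companion file in Windows directory"))
    return hits

def scan_registry(values):
    """values maps (key, value_name) to data; this export shape is an assumption."""
    hits = []
    for (key, name), data in values.items():
        k, n = key.lower(), name.lower()
        if (k.endswith("\\windows nt\\currentversion\\windows")
                and n == "appinit_dlls" and "karna.dat" in data.lower()):
            hits.append((key, name, "AppInit_DLLs loads karna.dat"))
        elif k.endswith("\\windows\\currentversion\\run") and n == "brastk":
            hits.append((key, name, "Run value brastk"))
    return hits

SAMPLE_LISTING = [  # constructed sample, not taken from a real host
    r"C:\WINDOWS\system32\drivers\TDSSabcd.sys",
    r"C:\WINDOWS\system32\TDSSserv.sys",
    r"C:\WINDOWS\system32\karna.dat",
    r"D:\backup\karna.dat",
]
SAMPLE_REGISTRY = {  # constructed sample
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs"): "karna.dat",
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "brastk"): r"C:\WINDOWS\system32\brastk.exe",
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon"): "ctfmon.exe",
}

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING) + scan_registry(SAMPLE_REGISTRY))
```

Because the driver hides its files from the running system, a clean result from a listing taken on the live host is not conclusive; a listing taken from an offline mount of the disk is more reliable.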


         About DARFUN INC © Copyright darfuns.com
                 DARFUN CORPORATION. 2004 est