These are the steps I have used to successfully remove the TDSSserv Trojan. The TDSSserv Trojan causes many symptoms: the computer can't boot to safe mode, all files and registry keys that start with TDS will disappear from the user’s view, most Internet pages will be redirected to advertising websites, most antivirus websites will fail, etc. Simply uninstalling the Trojan will not work, as it will reinstall itself.
Open System Properties, click on the Hardware tab and open the Device Manager.
Click on View, Show hidden devices.
Expand the Non-Plug and Play Drivers section and look for TDSSserv.sys.
Disable TDSSserv.sys and reboot the computer. If you do not reboot the computer, you will not be able to access certain infected files.
Warning: Do NOT uninstall it. If you do so, it will reinstall itself.
Go to Start, Run and press Browse.
Type in “c:\windows\system32\tds*” and press Enter. Delete all the files that you see that start with tds.
Double click on the drivers folder and delete the one entry that starts with tds. (It will be the only entry that you will see.)
Exit the browse window and open the registry editor. Do a search for tdss. Delete all entries found.
For some of the entries, the permissions must be changed before they can be deleted. For those entries, right-click the folder that needs to be deleted and click on Permissions.
If the entry still complains about permissions, right-click the folder, click on Permissions, then click on Advanced. Uncheck inherit from parent, click on Remove on the pop-up, and then add “everyone” and give it full access.
Reboot the computer and it will be gone.
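To confirm the cleanup after that final reboot, the following read-only check lists any remaining tds* files and any registry keys whose name contains tdss. It is an added example, not part of the original post; the function name `Find-KeyName` is hypothetical, and it assumes that checking key names under HKLM\SYSTEM and HKLM\SOFTWARE is sufficient (the registry editor search in the steps above also covers values and data).

```powershell
# Added example: read-only check for TDSS leftovers. It deletes nothing.
# Run from an elevated PowerShell prompt after the last reboot.

$sys32 = Join-Path $env:SystemRoot 'System32'

# Files in System32 and System32\drivers whose names start with "tds".
# -Force includes hidden and system files.
$files = foreach ($dir in $sys32, (Join-Path $sys32 'drivers')) {
    Get-ChildItem -Path $dir -Filter 'tds*' -Force -ErrorAction SilentlyContinue
}

# Walk a registry key recursively and report subkeys whose name matches.
# GetSubKeyNames() returns names even for subkeys that cannot be opened,
# so keys with restricted permissions are reported instead of skipped.
function Find-KeyName {
    param([Microsoft.Win32.RegistryKey]$Key, [string]$Pattern)
    foreach ($name in $Key.GetSubKeyNames()) {
        $locked = $false
        try   { $sub = $Key.OpenSubKey($name) }
        catch { $sub = $null; $locked = $true }
        if ($name -like $Pattern) {
            New-Object PSObject -Property @{
                Path         = "$($Key.Name)\$name"
                AccessDenied = $locked   # permissions must be changed first
            }
        }
        if ($sub) {
            Find-KeyName -Key $sub -Pattern $Pattern
            $sub.Close()
        }
    }
}

# Assumption: only these two hives are searched.
$keys = foreach ($hive in 'SYSTEM', 'SOFTWARE') {
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($hive)
    Find-KeyName -Key $root -Pattern '*tdss*'
    $root.Close()
}

$files | Select-Object FullName, Length, LastWriteTime
$keys  | Select-Object Path, AccessDenied
if (-not $files -and -not $keys) {
    'No tds* files or *tdss* registry keys found.'
}
```

Keys reported with `AccessDenied` set to True are the ones that need the permission change described above before they can be deleted.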
