The TDSS rootkit is a dangerous Trojan. It compromises the security of your whole system, leaving your data and the system itself exposed to attackers and other malicious programs. It installs itself through security holes in your protection software, through faulty upgrades, or through visits to compromised websites, especially those dealing with multimedia and gaming.

Once infected with this rogue software, your computer becomes highly vulnerable. The malware appears under several names, among them TDL4, TDL3, and Alureon. It is very nasty: it produces many pop-up windows and advertisements from unrelated commercial sites. These ads are a constant annoyance and keep you from working properly. One dangerous aspect of this software is that it changes your browser settings and redirects your searches to unrelated sites, returning irrelevant results. Another is that it invites and downloads further malware onto the system, making it even more exposed to external threats.

The TDSS rootkit disables your security software and other security utilities, and sometimes it blocks Task Manager in your computer's normal operating mode. It typically replaces the drivers of important system processes. This is a very dangerous rogue malware and needs to be removed from your computer immediately. Below I walk you through manual removal of the TDSS rootkit Trojan.

Stepwise Removal of the TDSS Rootkit Trojan

Follow these steps to remove the virus manually.

  • Stop the suspected processes on your computer before you move on to removing the root directories and registry keys.
  • Press CTRL+ALT+DEL → click the Processes tab.
  • Choose Rootkit.tdss.v3 or similar processes and end them; note that these processes normally try to hide themselves.
  • Once the processes are stopped, remove the registry keys.
  • Click Start → Run → type ‘regedit’ → press Return.
  • Locate the following registry keys:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
    • HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = C:\WIND
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
  • Select the keys listed above → right-click → select Delete/Remove → confirm.
  • Once the registry keys are removed in the registry editor, delete all of the files and folders suspected of belonging to this Trojan, listed below:
    • C:\WINDOWS\system32\UAC[random].dll
    • C:\WINDOWS\system32\uacinit.dll
    • C:\WINDOWS\_VOID[random]\_VOIDd.sys
    • C:\WINDOWS\system32\UAC[random].db
    • C:\WINDOWS\system32\_VOID[random].dat
    • C:\WINDOWS\SYSTEM32\4DW4R3c.dll
    • C:\WINDOWS\system32\UAC[random].dat
    • C:\WINDOWS\system32\uactmp.db
    • C:\WINDOWS\system32\drivers\_VOID[random].sys
    • C:\WINDOWS\system32\drivers\UAC[random].sys
    • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
    • C:\WINDOWS\Temp\UAC[random].tmp
    • %Temp%\UAC[random].tmp
    • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[random].sys
    • C:\WINDOWS\Temp\_VOID[random].tmp
    • %Temp%\_VOID[random].tmp
    • C:\WINDOWS\_VOID[random]\
    • C:\WINDOWS\system32\_VOID[random].dll
    • C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
    • C:\WINDOWS\SYSTEM32\4DW4R3[random].dll
  • Remove the files and folders above manually, one by one.
  • You are almost done with the manual removal of the TDSS rootkit malware.
  • Verify all three major parts of the process above: processes, registry keys, and files.
  • You are done once you have verified all three.

This is a very important and critical activity and should be carried out under the supervision of expert technicians.
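As an added example (not part of the original post), the PowerShell script below checks a machine for the indicators listed in the procedure above: autorun values under the Run and RunOnce keys, files matching the UAC[random], _VOID[random] and 4DW4R3[random] name patterns, and loaded kernel drivers with the same names. It only reports what it finds and deletes nothing, so it can be used to confirm the three things the post says to verify (processes/drivers, registry keys, files) both before and after removal. The name patterns come from the post's file list with [random] treated as a wildcard; the regular expression and the choice to inspect the individual values under the Run keys rather than the keys themselves are my assumptions. Because the post notes that the rootkit hides its processes and replaces drivers, a clean result from a live system is not proof that it is gone.

```powershell
# Added triage script (not from the original post). Reports TDSS indicators
# taken from the post's lists; it never deletes anything. Run from an
# elevated PowerShell prompt.

# Autorun keys named in the post (PowerShell drive form of HKEY_LOCAL_MACHINE).
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# File and folder patterns from the post; [random] becomes a wildcard.
$filePatterns = @(
    "$env:SystemRoot\system32\UAC*.dll",
    "$env:SystemRoot\system32\UAC*.db",
    "$env:SystemRoot\system32\UAC*.dat",
    "$env:SystemRoot\system32\uacinit.dll",
    "$env:SystemRoot\system32\uactmp.db",
    "$env:SystemRoot\system32\drivers\UAC*.sys",
    "$env:SystemRoot\system32\_VOID*.dat",
    "$env:SystemRoot\system32\_VOID*.dll",
    "$env:SystemRoot\system32\drivers\_VOID*.sys",
    "$env:SystemRoot\_VOID*",
    "$env:SystemRoot\system32\4DW4R3*.dll",
    "$env:SystemRoot\system32\4DW4R3*.dat",
    "$env:SystemRoot\system32\drivers\4DW4R3*.sys",
    "$env:SystemRoot\Temp\UAC*.tmp",
    "$env:SystemRoot\Temp\_VOID*.tmp",
    "$env:TEMP\UAC*.tmp",
    "$env:TEMP\_VOID*.tmp"
)

# Assumed regex: a path component built from one of the post's name stems.
# PowerShell -match is case-insensitive, so uacinit.dll also matches.
$nameRegex = '\\(UAC[A-Za-z0-9]*|_VOID[A-Za-z0-9]*|4DW4R3[A-Za-z0-9]*)\.(dll|sys|dat|db|tmp)'

$findings = @()

# 1. Autorun values whose command line points at one of the suspicious names.
#    Values are checked individually so legitimate entries under Run are not touched.
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata properties
        if ([string]$p.Value -match $nameRegex) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key\$($p.Name)"; Detail = $p.Value }
        }
    }
}

# 2. Files and folders matching the post's patterns (-Force includes hidden items).
foreach ($pattern in $filePatterns) {
    Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Detail = $_.LastWriteTime }
    }
}

# 3. Registered kernel drivers with the same name stems (the post says TDSS replaces drivers).
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match $nameRegex } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Driver'; Location = $_.Name; Detail = "$($_.State) $($_.PathName)" }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No matches for the listed TDSS indicators (a live rootkit can still hide them).'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once before the manual steps to see exactly which values and files are present, and again after the three verification points to confirm they are gone. Since the post itself says the rootkit hides its processes and replaces drivers, treat the script's output from the infected system as a starting point rather than a final answer, and repeat the check from a boot environment in which the rootkit's drivers are not loaded.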
