How to remove Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)

This is a nasty piece of malware that craps out your system. You can’t boot up, and even a boot disc “blue screens” the system.

After connecting the drive via USB cable to my forensic machine, I threw the usual malware removal tools at it first: Malwarebytes, SUPERAntiSpyware, and yes, Microsoft Security Essentials. MSE was the only one to recognize the rootkit and at least give me an idea of what ailed this system. It was Trojan:DOS/Alureon.A, which is rated Alert Level Severe!

Unfortunately MSE couldn’t remove it, so it was going to take a special tool to scrub this bad boy from the master boot record, and Kaspersky came to the rescue with TDSSKiller.exe.

I downloaded it to my forensic computer and just ran it (by right-clicking the executable and running it as an administrator), with the malware-infested hard drive still attached via USB cable.

It very quickly found the rootkit and “Cured” it. I re-ran it just in case and I was good to go.
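Since the fix here is a tool rewriting the master boot record of a drive attached to a forensic machine, a useful follow-up is to verify the result yourself rather than trusting the "Cured" message alone. The script below is an added example (it is not part of this post and has nothing to do with Kaspersky's TDSSKiller internals): it parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, and compares a SHA-256 of the boot-code region against a baseline digest saved when the disk was last known good. The sample MBR bytes and the "tampered" copy are constructed inline, and the device paths in the usage note are assumptions about where the USB-attached drive appears.

```python
"""Inspect a 512-byte Master Boot Record and compare its boot code to a known-good baseline.
Added example for this post; the sample MBRs below are constructed, not read from a real disk."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # classic MBR layout: boot code occupies bytes 0..439
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the 4-byte disk signature + 2 reserved bytes
BOOT_SIG_OFF = 510       # the last two bytes must be 0x55 0xAA


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only, so legitimate partition-table edits do not change it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes, baseline_digest: str) -> dict:
    """Return the checks a forensic examiner would want before declaring the disk clean."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly 512 bytes of MBR")
    parts = parse_partitions(mbr)
    return {
        "valid_signature": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "boot_code_matches": boot_code_digest(mbr) == baseline_digest,
        "active_count": sum(1 for p in parts if p["active"]),  # exactly one bootable partition expected
        "partitions": parts,
    }


def read_mbr(path: str) -> bytes:
    """Read the first sector of a raw device or a disk image file (path is the caller's assumption)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_mbr(boot_code: bytes, partitions: list, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a synthetic MBR for demonstration only (constructed, not from a real disk)."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    body += struct.pack("<IH", disk_sig, 0)
    for status, ptype, lba, count in partitions:
        body += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    body += b"\x00" * 16 * (4 - len(partitions))
    body += b"\x55\xAA"
    assert len(body) == MBR_SIZE
    return body


# Constructed samples: a few plausible x86 boot-code bytes, one active NTFS partition at LBA 2048.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8")
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])
BASELINE_DIGEST = boot_code_digest(CLEAN_MBR)   # what you would have stored while the disk was known good

# A copy whose first boot-code bytes were overwritten (constructed) to show the baseline check failing.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:3] = b"\xeb\x3c\x90"
TAMPERED_MBR = bytes(_tampered)


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sample, BASELINE_DIGEST)
        print(label, {k: v for k, v in result.items() if k != "partitions"})
        for p in result["partitions"]:
            print("   partition", p)
```

To use it on the attached drive instead of the constructed samples, call `read_mbr()` on the raw device (for example `\\.\PhysicalDrive1` on Windows or `/dev/sdb` on Linux, both assumptions about which device the USB bridge exposes; the process needs administrator or root rights to open it) and pass the digest you recorded before the infection. A mismatch after running the cleaner means the boot code is still not what it was, even if the partition table and 0x55AA signature look normal.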

For more information, head on over to Kaspersky.
