How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDL4, TDSServ, Alureon)

by | 30 June, 2011

To detect it, run the latest version of GMER (a rootkit detector).
http://www.gmer.net/

To remove it, you need to run a series of three scanners in this order (TDSSKiller first, since it targets the rootkit component that hides the infection from the other scanners):
TDSSkiller
http://support.kaspersky.com/viruses/solutions?qid=208280684

Combofix
http://www.bleepingcomputer.com/download/anti-virus/combofix

and Malwarebytes' Anti-Malware. Once all three have finished, run GMER again to confirm that nothing is still hidden.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1

Note that TDL4 is often a blended threat and comes with secondary infections that cause problems of their own. One of the most common performs search redirection, which can make it hard to reach the download pages for the removal tools. With most variants you can work around this by opening the Google cache copy of the tool's download page instead of following the link itself.

As for who to blame, most of these infections got onto people's machines through exploits in Adobe Flash. Keeping up to date helps, but I started installing Flashblock on my client's systems because I was convinced there were unknown Flash exploits.