Tuesday 2 December 2008

Antivirus XP 2008 and tdssserv.sys trojan / rootkit

Just had another encounter with this fiend - except this time it was too late to try and load Malwarebytes or AVG updates or Ad-Aware. They were all blocked, although internet access appeared OK for most sites. Trying to access AVG, for example, just bounced you back to a Google-looking results page every time.

There's some good info over here and I was interested to see that the old Microsoft/Sysinternals RootkitRevealer showed up the hidden components (the F-Secure BlackLight rootkit eliminator showed up nothing). I booted off CD and manually removed them - the TDSSserv components were key. Was then able to start Windows and install Malwarebytes to clear up any loose ends.

It's getting rough out there.
