MS Antivirus XP 2008, TDSSserve.sys and go.google

All of the above are nightmare viruses/Trojans/spyware that can take hours and hours to clean up.

I have a client that managed to get infected by all three in one go while trying to install what I suspect was a fake Google Earth.

The result was that all anti-spyware was disabled, connectivity to the Internet was affected, all search results in Google were altered, regedit was disabled and the Folder Options view went missing.

Other possible symptoms:
* Often see “Blue Screen of Death” after restart
* Changes the desktop background
* IE and Firefox slow down after getting infected by go.google
* Infects e-mail attachments, messenger, spyware scanners etc.

Basically, TDSSserv.sys is a service that redirects all software-update traffic to 127.0.0.1 (your own computer), so nothing can update.

To confirm that you are infected with TDSS, run RootkitRevealer and click “Scan”. If it shows any entry containing TDSS, you are infected.

What a nightmare!

Here is an amazing quick fix to the problem:

First off, run SDFix in Safe Mode, which you can download from here or here. For more instructions on using SDFix, see here.

Once SDFix has completed its two rounds of cleanup, restart the computer. Then, in regular Windows mode:
* Right-click “My Computer”, choose “Properties” and open “Device Manager” (in XP this is under the “Hardware” tab; in Vista it is on the left-hand side)
* In Device Manager, click “View” and then “Show Hidden Devices”
* Scroll down to “Non-Plug and Play Drivers” and click the plus sign to expand the folder
* Look for “TDSSserv.sys”
* Right-click on it and select “Disable”
* Note: do not select “Uninstall”, as it will re-install itself after reboot
* Restart your PC

You can now update your antivirus/anti-spyware software and run full scans to clean up the mess.

Recommended scans:
* Malwarebytes Anti-Malware
* Spybot Search & Destroy
* SuperAntiSpyware
* CCleaner – use this to clean all temp files and orphan registry entries

Then scan for viruses using AVG or AntiVir.

Finally, SpywareBlaster – use this to create a system snapshot once the machine is clean.

Note: you may need to re-enable regedit and bring back Folder Options.
You may also want to delete all “TDSS” entries in the registry; you might need to fix the permissions on those keys before they can be deleted.
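The “disable, don't uninstall” step and the regedit/Folder Options note above, as an added PowerShell example (this is my own illustration, not the post's or any tool's code). It assumes the post's indicator, a service name containing “TDSS”, and uses the Start=4 (disabled) registry value as the script equivalent of Device Manager's “Disable”; run it from an elevated prompt.

```powershell
# Added example: audit for TDSS-style driver services and for the policy
# values that disable regedit / hide Folder Options. Reports only unless -Fix
# is given. Mirrors the post's advice: disable the driver, do not uninstall it.
param([switch]$Fix)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Driver/service entries whose name contains "TDSS" (the post's indicator).
$suspects = Get-ChildItem $servicesKey | Where-Object { $_.PSChildName -match 'TDSS' }

foreach ($svc in $suspects) {
    $props = Get-ItemProperty $svc.PSPath
    Write-Host ("Found service {0}: ImagePath={1} Start={2}" -f `
        $svc.PSChildName, $props.ImagePath, $props.Start)
    if ($Fix) {
        # Start=4 is SERVICE_DISABLED, the same effect as Device Manager "Disable".
        Set-ItemProperty $svc.PSPath -Name Start -Value 4
        Write-Host "  -> Start set to 4 (disabled); reboot, then run the scanners"
    }
}
if (-not $suspects) { Write-Host 'No services matching TDSS found' }

# 2. Per-user policy values that disable regedit and hide Folder Options.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)
foreach ($p in $policies) {
    $val = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($val) {
        Write-Host ("{0}\{1} = {2} (restriction active)" -f $p.Path, $p.Name, $val)
        if ($Fix) {
            Remove-ItemProperty -Path $p.Path -Name $p.Name
            Write-Host "  -> removed"
        }
    }
}
```

While the rootkit driver is still loaded it can hide its service key or deny writes to it, so run this after the SDFix pass and the Device Manager disable/reboot, not instead of them.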
