TDSS-Trojan

I recently had another run-in with that flavor of malware that disables your antivirus, blocks any antivirus web sites and Windows Update web site, and tries to take you to some ad site so you can get more viruses on your computer. This time I was victorious. I have no doubt there are many different variations of this type of insufferable programming made by many different delinquents, but I beat this one.

I knew there was something wonky going on because I was getting pop-ups that were about how my computer was infected and did I want protection. The DEAD GIVEAWAY to pop-ups is your mouse. It will change to the little pointer finger when it is over a link. That is a sure sign that it is a web link and not a legitimate Windows message; that and the task bar will show a browser window open.

The first thing I did was to remove the non-functioning Norton AV and install AVG. I had prepared for not being able to update the AVG and brought the latest updates with me on my flash drive. When I tried to run AVG I got errors and it shut down. I rebooted into safe mode and did a complete scan from there, which uncovered 3 viruses and promptly whisked them away to the virus vault. Returning to normal Windows mode I discovered that my problem was not resolved. I still could not navigate to Windows Update or any major antivirus web site. I did some searching online and found Trojan Remover, which was said to be able to repair this redirect problem. I downloaded and installed the trial version, which is fully functional for 30 days, and it found the TDSS trojan and made quick work of it. Within 5 minutes I was updating AVG and Windows. Problem solved.

Here is a little snippet from the log file of Trojan Remover, showing what it found and what it did. Listed are the actual registry keys removed.

HKLM\SOFTWARE\TDSS - key (and subkeys) deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata - key (and subkeys) deleted
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS - key (and subkeys) deleted

Voilà! The TDSS trojan installs itself in rootkit fashion and is not detected by AVG free. The last time I encountered something of this nature I couldn’t find it and had to reformat. Now I have a solution.

This wicked little trojan allows for other malware, like popups, ads and other garbage, to sneak into your computer and could possibly lead to other unwanted consequences. Here is the description of the bug, compliments of Sunbelt Research.
