Remove Backdoor.Tidserv:

System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Backdoor.Tidserv, please run System Restore and select a saved restore point.
Backdoor.Tidserv REMOVAL TOOL:
1. Download the tool FixTDSS.exe from the Symantec web site.
2. Save it to a location of your choice.
3. After the download completes, disconnect the computer from the Internet.
4. On computers running Windows ME or Windows XP, disable System Restore first.
5. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
6. Go to FixTDSS.exe download location on your hard drive.
7. Double click FixTDSS.exe to run the tool.
8. Let the tool thoroughly scan the computer and perform another scan after rebooting Windows in normal mode.
MANUAL REMOVAL OF Backdoor.Tidserv:
1. Update the installed anti-virus application so it has the latest definition file and virus pattern.
2. Reboot the computer in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete or modify any values added to the registry, if present. Refer to the Associated Windows Registry Entries listed below.
- Click Start, then search for or run regedit.exe to open the Registry Editor.
Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove viruses and unfamiliar threats without relying on traditional AV signatures. Download the tool and start a scan with Norton Power Eraser.

Malicious Files Added by Backdoor.Tidserv:
%ProgramFiles%\Internet Explorer\[RANDOM FILE NAME].dll
%ProgramFiles%\Movie Maker\[RANDOM FILE NAME].dll
C:\Documents and Settings\All Users\Application Data\[RANDOM FILE NAME].dll
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSServ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSServ.sys
HKEY_CURRENT_USER\Software\Mozilla\affid=
HKEY_CURRENT_USER\Software\Mozilla\subid=
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT\injectors
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS
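The following PowerShell script is an added example, not part of the original page or of any Symantec or Norton tool. It turns the file paths and registry entries listed above into a read-only check that an administrator can run before and after cleanup: it tests each listed registry key, looks for the affid=/subid= values under HKCU\Software\Mozilla (the Mozilla key itself is legitimate, so only the values are flagged), queries the driver service database for the TDSServ/H8SRT names, and lists unsigned or recently modified DLLs in the three drop directories. The 7-day modification window and the assumption that the drop directories resolve via $env:ProgramFiles and $env:ALLUSERSPROFILE (the page's paths are the Windows XP layout) are the script's own assumptions. It changes nothing on the system.

```powershell
# Added example (not from the original page): read-only check for the
# Backdoor.Tidserv indicators listed above. Run from an elevated prompt.

# Registry keys exactly as listed on the page (HKLM: drive form).
$RegistryIocs = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\H8SRTd.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Services\TDSServ',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSServ.sys',
    'HKLM:\SOFTWARE\H8SRT\injectors',
    'HKLM:\SOFTWARE\H8SRT',
    'HKLM:\SOFTWARE\TDSS'
)

# Directories the page names for the randomly named DLL. On Windows XP
# $env:ALLUSERSPROFILE is "C:\Documents and Settings\All Users" (assumption:
# the script is run on the layout the page describes).
$DropDirs = @(
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:ProgramFiles 'Movie Maker'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data')
)

$findings = @()

# 1. Listed registry keys.
foreach ($key in $RegistryIocs) {
    if (Test-Path -LiteralPath $key) {
        $findings += "Registry key present: $key"
    }
}

# 2. Values the page lists under HKCU\Software\Mozilla (affid=, subid=).
$mozilla = 'HKCU:\Software\Mozilla'
if (Test-Path -LiteralPath $mozilla) {
    $props = Get-ItemProperty -LiteralPath $mozilla -ErrorAction SilentlyContinue
    foreach ($name in @('affid=', 'subid=')) {
        if ($null -ne $props -and ($props.PSObject.Properties.Name -contains $name)) {
            $findings += "Registry value present: $mozilla\$name = $($props.$name)"
        }
    }
}

# 3. Driver services named like the page's entries. The service database is
#    queried directly rather than relying on Device Manager's default view,
#    which omits non-Plug and Play drivers.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match '^(TDSServ|H8SRT)' -or $_.PathName -match 'TDSS|H8SRT' } |
    ForEach-Object {
        $findings += "Driver service: $($_.Name) State=$($_.State) Path=$($_.PathName)"
    }

# 4. DLLs in the drop directories. The file name is random, so flag files
#    that are unsigned or written recently (7-day window is an assumption).
$cutoff = (Get-Date).AddDays(-7)
foreach ($dir in $DropDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid' -or $_.LastWriteTime -gt $cutoff) {
                $findings += "Suspicious DLL: $($_.FullName) Signature=$($sig.Status) Modified=$($_.LastWriteTime)"
            }
        }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Backdoor.Tidserv indicators were found.'
} else {
    Write-Output 'Backdoor.Tidserv indicators found:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Because Tidserv is a kernel-mode rootkit, a clean result from a user-mode script on a running system is not proof of absence: the driver can hide its own keys and files from the registry and file system APIs the script uses. Run the check again from Safe Mode (as the removal steps above require) or after the rootkit driver has been disabled, and treat the dedicated tools (FixTDSS, Norton Power Eraser, TDSSKiller) as the authoritative scan.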

precisesecurity (author) said:
1. Temporarily Disable System Restore (Windows Me/XP/Vista/7) . [how to]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\"build" = "standart"
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\"serversdown" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\"type" = "pop-up"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata\"affid" = "39"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata\"asubid" = "v2test7"
Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSServ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSServ.sys
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\version
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\connections
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\injector
6. Exit registry editor and restart Windows.
7. In order to make sure that the threat is completely eliminated, carry out a full scan of your system using antivirus and antispyware software. Another way to delete the virus, using various antivirus programs without the need to install them, is an online virus scanner.

Set your cookies to high or block everything in the Internet options
1. Right click My Computer > Hardware > Device Manager.
2. In Device Manager click View > Show hidden devices.
3. Under Non-Plug and Play Drivers, disable TDSS.sys or related drivers.
4. Restart the computer.
5. Now run regedit and delete all TDSS related entries. (If you are not able to delete some entries, right click and grant yourself full access for the entry.)
6. Run Norton and AVG with the Rootkit settings ON.


Norman TDSS Cleaner:
norman.com/support/support_tools/77201/en
and/or
How to remove the TDSS, TDL3, or Alureon rootkit using TDSSKiller:
bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller