is no longer recommending
Spybot S&D or Ad-Aware due to poor testing results. See here
- (scroll down and read under Freeware Antispyware Products)
. As for Spybot S&D, most people don't understand how to use TeaTimer
and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry
but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry
and how TeaTimer works in order to make informed decisions
to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection
of malware by those tools.
More effective alternatives are Malwarebytes Anti-Malware
and SUPERAntiSpyware Free
Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Step 7
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- When the program opens, click the Start Scan button.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
instructs you to scan your computer using Malwarebytes Anti-Malware
and remove any traces that may still be present. If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally
will prevent Malwarebytes from removing all the malware. After performing that step, please post the complete results of your scan for review.If you cannot use the Internet or download any required programs
to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected
". Some flash drives have a switch on the side or on the back as shown here
which could have accidentally been moved to write protect.