Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
Please download Kaspersky's TDSSKiller
and save it to your Desktop. <-Important!Be sure to print out and follow the instructions for performing a scan
- Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
- Alternatively, you can download TDSSKiller.exe and use that instead.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
- When the program opens, click the Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
- If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
- Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious
' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan
. In the "File to Scan
" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed
", click Reanalyze
or Scan again
: Some infections will alter the Proxy settings in Internet Explorer
which can affect your ability to browse, update or download tools required for disinfection. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 4-7
under the section Automated Removal Instructions
in this guide
. If using FireFox, refer to these instructions
to check and configure Proxy Settings under Advanced Options > Network tab > Connection Settings
Also try restoring the default settings in Firefox.