I had TDL3 a few years ago infecting atapi.sys and no tool could remove it... but format c: and DriveImageXML saved me :P
m4dn3ss999 1 month ago
Excellent video! tdl4 is HELL to get rid of; great, brief, solution!!
MrT6bill 1 month ago
Very useful video. I had TDL4@MBR on my main home computer. AVG free and Malwarebytes did not find it. GMER found it, but when trying to remove I got BSOD. Kaspersky TDSSKiller got it and now I have my computer back!
But what do I now do with the half dozen thumbdrives that have "setup50045.fon, setup50045.lnk, autorun.inf, myporno.avi.lnk, pornmovs.lnk" on them? How do I clean them up???
chuckmerja 1 month ago
Great Tutorial. Thanks
Th3AngestK1d 2 months ago
thank u
virolo89 2 months ago
u save my computer this its awesome
virolo89 2 months ago
Hi Brian,
Once again you saved my laptop, you never fail.
Thank you
dmaher2007 3 months ago
My sis' laptop had this and a simple scan with tdss killer fixed everything up. Thanks a bunch!
xLan7 3 months ago
Hi!
TDL4 will rewrite the default MBR code....this has to be replaced with a standard MBR using a repair disk or MBRCheck....It is to be noted that Dell has a different MBR code and it will be dangerous to replace the code since if replaced the access to recovery will be lost...u will have to fix it with DSRFix....TDSSKiller will cure the rootkit on the computer but it may fail in some conditions...so Dell users have two options...either a factory restore through the DSR or to have continued infection
12345shre 4 months ago
My g/f had this on her Sony VAIO laptop and the virus disabled .exe files, so TDSSKiller wouldn't run!!!
In the end, the only way to run it was by putting it on a Memory Stick from a clean computer, CHANGE ITS NAME!! (To K.com or anything really), insert the memory stick into the infected comp and RUN IT FROM THAT LOCATION.
This was the ONLY way I could get this amazing tool to do its job.
(There's a reg file called FixNCR.reg which will change the .exe corruption back too)
GuyMagicFingers 4 months ago
So Kaspersky is pushing its crap abroad too? I'm shocked)
360Gradusov 4 months ago
I spent some time online trying different options to remove this annoying virus from my PC without success. TDSS Killer found and removed it straight away. Thanks very much.
jkingi161168 5 months ago
@jkingi161168 You're welcome, glad I could help.
Britec09 5 months ago
you will see that this is the reason that you still have the virus after using fixmbr, because you did not use the proper syntax. you can find the proper syntax by typing "map" in the recovery console prompt before using your fixboot and fixmbr commands
getoffwithitalready 5 months ago
you have used the wrong syntax for fixmbr. the proper use is fixmbr \device\harddisk\partition where the first hard drive is "harddisk0" and so on, and where the first partition is "partition0" and so on. you do not just type fixmbr. that does absolutely nothing really... first partition on the first hard drive would be as follows: fixmbr \device\harddisk0\partition0 every partition has an mbr, so it is necessary to fix every mbr, not just one...
getoffwithitalready 5 months ago
another great vid
wtbm123 5 months ago
Brian Krebs of Krebs on Security dot com has a great blog post today "Who’s Behind the TDSS Botnet?" showing some amazing research he's conducted in an effort to out the TDSS author. Based on the target's actions since Krebs posted the article, it appears that Krebs is on the right track. The target immediately started trying to shut down all of his Internet accounts, including his Live Journal and YouTube accounts. Unfortunately for the Target, Fizot, Krebs saved screenshots of everything.
BigMurano 5 months ago
I've used all these programs and only once it was found, but now no program finds it or any variants. Idk what to do now..
BakuhatsuShojo 5 months ago
top man, worked 1st time using the bitdefender option.... thanx thanx & THANX again.... ;)
rainbow2010rainbow1 5 months ago
MSE finds this virus on my PC. HitmanPro, TDSS Killer, GMER.exe, Malwarebytes and Spybot S&D all do not find this virus. MBRCheck.exe tells me I have standard MBR. Do I still have it or not? MSE would find it and 'remove' it but it kept coming back on reboot. However, I have no effects of the virus. I don't get redirected, I can still open antivirus applications/websites etc.
dominiccss 5 months ago
Oh and by the way does Malwarebytes and Microsoft Essentials work against this virus? cuz that's what I've used for viruses before, so if those aren't as good as the ones you mentioned on the video let me know please...I appreciate your help thanks.
ferrodriguez10 6 months ago
does using the boot up cd for windows xp procedure you did delete the information you have on your hard drive?...I'm looking into doing a different procedure where I'm buying an adapter for sata/ide/pata hdd to usb connection to use on a different computer and use the antivirus there to get rid of the virus and then put the hdd back on my pc, idk if that will work...and unfortunately my pc didn't come with a boot up cd, so Idk where to buy a windows xp booting cd, any recommendations?
ferrodriguez10 6 months ago
are you able to run any tools(tdsskiller,etc.) before running fixboot and fixmbr?
mike91342 6 months ago
@mike91342 you might get a chance to scan with tools if you know you have the infection, but black screen happened when I rebooted.
Britec09 6 months ago
Great video. Just one question--is it best to have the four scanning tools you mentioned already downloaded to your harddrive before any trouble is noticed?
wns67 6 months ago
@wns67 it won't hurt
Britec09 6 months ago
Britech, you are simply one of the best...I thank you for your videos !!
IcaroChacal 6 months ago
@IcaroChacal thanks a lot for your kind words
Britec09 6 months ago
people like britech have become rare so it seems ..great service! thank you A+
great tutor site
lllraverslll 6 months ago
@lllraverslll Thanks
Britec09 6 months ago
I enjoyed the Video! Especially the RootKits and RansomWare!
mooselexus 6 months ago
Bang on as usual Brian. A lot of people don't realize that doing this sort of thing is very time consuming. Much appreciated :-)
smallpebble7 6 months ago
@smallpebble7 You're welcome mate.
Britec09 6 months ago
Thanks Brian. Another great video.
mitchman5155 6 months ago
are these all free tools
hardcore4d4 6 months ago
@hardcore4d4 Yes they are all FREE
Britec09 6 months ago 2
Awesome thanks Brian.
Zendukai 6 months ago
Thank you for such an excellent post
erkamalmander 6 months ago
Great tutorial as always - Thanks Brian..
OmenX13 6 months ago
Excellent Information....I'll be sure to send people your way.
Energy321com 6 months ago
Excellent video Brian, You sure taught me some new methods of removing these nasty things. Cheers.
MrXidus 6 months ago
If I'm infected and got the black screen in the beginning of the video, can I use the system repair disc that I made in the "Backup and Restore" section in Windows 7? I don't have a Windows CD.
hahacify 6 months ago
@hahacify If you made a Backup copy on a Disc...then you should be able to do a restore of the system... yes
Britec09 6 months ago
Cool video, Thanks. Can you look at this new malware that bleeping computer wrote about. it uninstalls your current antivirus program. When it is done uninstalling your antivirus software it will reboot back into normal Windows mode and display alerts that appear to be from your security software so that you think it is still installed and working properly. Security researcher Xylitol recently wrote an article about the new malware.
yodabadass 6 months ago
@yodabadass yeah that's the Trojan.FakeAV.LVT virus, I will see if I can get a copy and do a video on it.
Britec09 6 months ago
Another well explained vid, you do save us all from the nasty stuff on the net. Takes time to do this and we all thank you two thumbs up.
shammon1 6 months ago 7
@shammon1 Thanks mate... and you're right it does take time, it did not work out how I wanted, but it was ok.
Britec09 6 months ago
Does the recovery console need to be pre-installed?
Kurio71 6 months ago
@Kurio71 you use a windows cd
Britec09 6 months ago
Another great tutorial Brian. More porn huh. lol
capman911 6 months ago