
Rootkit.win32.tdss.tdl4 Removal Help – How to Remove Rootkit.win32.tdss.tdl4 completely

Posted on October 27th, 2012

Rootkit.win32.tdss.tdl4 is a Trojan that can open a back door on the compromised computer and give other threats access to it. As the Trojan is not new, many antivirus programs can detect it effectively when the PC is attacked, yet many PCs are still infected, so how to remove Rootkit.win32.tdss.tdl4 has become a popular topic. The Trojan creates files and registry entries randomly, and these can restore the Trojan after a security program has corrupted it. That is why the Trojan can come back to a computer again and again. The Trojan has also been observed downloading malicious files from its server on the hackers' command. An infected computer is easily infected further by adware, spyware, worms and other PC threats such as the Google redirect virus. To protect your computer from further attacks, you must remove Rootkit.win32.tdss.tdl4 completely.

Manual way to wipe off the Trojan
Experts have identified the files and registry entries the Trojan drops on a compromised computer, so if you manually remove all of them, the Trojan can be removed completely. However, manual removal of Rootkit.win32.tdss.tdl4 is not as easy as it sounds. Any mistake can lead to system crashes.
1. Delete the following files. Some of them may stay resident in system memory, so you need to kill the related processes.

RkLYLyoM.exe
podmena.exe
file.exe
~.exe
7-v3av.exe
csrssc.exe
72631899.exe
1776260179.exe
ucxmykkc.exe

2. Unregister the related DLL files

UACyylfjdaa.dll
TDSSnrsr.dll
TDSSmaxt.sys
tdssserf.dll
TDSSriqp.dll
TDSSciou.dll
TDSSoexh.dll

3. Open Registry Editor and delete the Rootkit.win32.tdss.tdl4 registry entries

HKEY_CURRENT_USER\Software\Mozilla\affid=
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT\injectors
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSServ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys
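
Before deleting anything in steps 1 to 3, it helps to record which of the listed items are actually present. The PowerShell script below is an added example, not part of the original post: it only reads, and reports matching files, running processes and registry keys. The search roots are an assumption, and so is treating the `affid=` entry as a value named `affid` under `HKCU\Software\Mozilla`.

```powershell
# Added example: read-only inventory of the artifacts listed in steps 1-3.
# File names and registry keys are copied from the lists above.
$FileNames = @('RkLYLyoM.exe','podmena.exe','file.exe','~.exe','7-v3av.exe',
               'csrssc.exe','72631899.exe','1776260179.exe','ucxmykkc.exe',
               'UACyylfjdaa.dll','TDSSnrsr.dll','TDSSmaxt.sys','tdssserf.dll',
               'TDSSriqp.dll','TDSSciou.dll','TDSSoexh.dll')
$RegKeys = @('HKLM:\SOFTWARE\H8SRT\injectors',
             'HKLM:\SOFTWARE\H8SRT',
             'HKLM:\SOFTWARE\TDSS',
             'HKLM:\SYSTEM\CurrentControlSet\Services\H8SRTd.sys',
             'HKLM:\SYSTEM\CurrentControlSet\Services\TDSServ',
             'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys')
# Assumption: directories worth searching; adjust for the machine at hand.
$SearchRoots = @($env:SystemRoot, $env:TEMP, $env:APPDATA, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = New-Object System.Collections.Generic.List[object]

# Files on disk. -Force includes hidden and system items. Names such as
# file.exe are generic, so a match is a lead to verify; the hash is recorded
# so the file can be looked up before it is touched.
foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $FileNames -contains $_.Name } |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $findings.Add([pscustomobject]@{ Type = 'File'; Item = $_.FullName; Detail = "SHA256=$hash" })
        }
}

# Processes whose image name matches (step 1: files resident in memory).
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $FileNames -contains $_.Name } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{ Type = 'Process'; Item = $_.Name; Detail = "PID=$($_.ProcessId) Path=$($_.ExecutablePath)" })
    }

# Registry keys from step 3.
foreach ($key in $RegKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings.Add([pscustomobject]@{ Type = 'RegKey'; Item = $key; Detail = 'present' })
    }
}
# Assumption: "affid=" denotes a value named affid under this key.
$affid = Get-ItemProperty -LiteralPath 'HKCU:\Software\Mozilla' -Name 'affid' -ErrorAction SilentlyContinue
if ($affid) { $findings.Add([pscustomobject]@{ Type = 'RegValue'; Item = 'HKCU:\Software\Mozilla\affid'; Detail = "$($affid.affid)" }) }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed artifacts were found in the searched locations.' }
```

Run it from an elevated prompt so protected directories and HKLM keys are readable. An empty result is not proof of a clean system, because a rootkit can hide files and keys from the running operating system.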

Most effective way to remove Rootkit.win32.tdss.tdl4
If you want an easier way to get rid of the Trojan safely, a professional security program is always your first choice. Even if yours fails to remove the Trojan completely, it doesn't mean the others will fail, too. An advanced antispyware program is recommended because it provides a more sensitive search engine and can pick up all components of Rootkit.win32.tdss.tdl4. With such a program, the Trojan has nowhere to hide on your PC, and you do not have to worry that it will come back. We recommend that you download Spyware Cease, which can remove Rootkit.win32.tdss.tdl4 and also repair system vulnerabilities to protect the computer from further attacks.
