2371 Views, 6 Replies. Latest reply: Jan 29, 2009 7:59 PM by ryoma10

ryoma10, Newcomer, 4 posts since Jan 26, 2009

Jan 26, 2009 10:58 PM

How to remove TDSSserv registries

Hi

My laptop was infected by the TDSSserv.sys rootkit. I cleaned it with the help of SUPERAntiSpyware and Malwarebytes. I have also manually removed TDSSserv.sys from my device list.
But still, after cleaning using both of them, I am still seeing 5 registry entries of TDSSserv in the detections in SUPERAntiSpyware. Malwarebytes gives no infections.

Is my computer still infected with this TDSSserv?
If not, then how do I remove these registry entries completely from my machine?

Also, after cleaning this rootkit I am facing a problem: when my computer is starting up I am seeing a small white box in the right-hand bottom corner above the start-up panel, with a symbol (similar to the "picture not available" symbol). Also, I am not able to see any symbols and smilies in my messenger window (Gtalk in my case).

Can anyone please help me out and suggest what I should do to rectify the problems?


Following is the log from SUPERAntiSpyware. I ran only the registry and memory scan, as from the complete scan too I am getting the same result.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2009 at 11:41 PM

Application Version : 4.15.1000

Core Rules Database Version : 3729
Trace Rules Database Version: 1699

Scan type : Custom Scan
Total Scan Time : 00:05:57

Memory items scanned : 622
Memory threats detected : 0
Registry items scanned : 7353
Registry threats detected : 5
File items scanned : 0
File threats detected : 0

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
  • paullotion, Apprentice, 8,078 posts since Apr 13, 2006
    1. Jan 28, 2009 1:27 PM (in response to ryoma10)
    RE: How to remove TDSSserv registries
    Hello,

    Click Start > Run > type regedit

    Then expand

    HKLM\SYSTEM\CurrentControlSet\Services

    Locate TDSSserv.sys and right-click on it.

    Select Delete from the drop-down menu.

    The Black Bear

    *Important News for BT/TalkTalk customers*

    BT/TalkTalk dump Phorm spyware. For more information see this article Here; also visit the NODPI website for much more information relating to DPI.
  • Dennis_Allen, Newcomer, 268 posts since Apr 11, 2008
    3. Jan 28, 2009 2:37 PM (in response to ryoma10)
    Hi, can you please try this one:
    Click Start > Run > type devmgmt.msc, then click OK.

    On the upper part of Device Manager, click on View, then select Show hidden devices.

    Click on "Non-Plug and Play Drivers/Devices".

    Then right-click TDSSserv.sys and disable it.

    Then try deleting it again following the directions given by paullotion.
  • vinod_r2, McAfee Mentor, 3,126 posts since Feb 15, 2008
    5. Jan 29, 2009 3:47 AM (in response to ryoma10)
    RE: Hi, can you please try this one


    Get to that location in regedit (Start > Run, then type regedit).

    On the key (the folder-like entity in the left pane),
    right-click and select Permissions, then add EVERYONE and give Full Control to that key alone.
    Then scan after you have changed the permissions.

    Regards
    VR
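The three replies above describe one procedure: make sure the driver is not loaded, unlock the service key's permissions, then delete the key. The following PowerShell script is an added example that does the same from an elevated prompt; it is not code posted in the thread and not a McAfee, SUPERAntiSpyware or Malwarebytes tool. It assumes the service name reported in the log, TDSSserv.sys, and Windows PowerShell 3.0 or later. It grants BUILTIN\Administrators rather than Everyone, which is enough when the delete runs elevated and does not open the key to every account. The "Start = 4" fallback is the standard SERVICE_DISABLED value and is my addition, not a step from the replies.

```powershell
# Added example; not from the thread. Run from an elevated Windows PowerShell (3.0+) prompt.
# Assumes the service name from the SUPERAntiSpyware log, TDSSserv.sys; change $svcName
# if the variant on your machine registered itself under a different name.
$svcName = 'TDSSserv.sys'
$regPath = "SYSTEM\CurrentControlSet\Services\$svcName"
$hklm    = [Microsoft.Win32.Registry]::LocalMachine
$admins  = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'
$rights  = [System.Security.AccessControl.RegistryRights]
$check   = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree

# 1. Is the driver still registered/loaded? A running rootkit driver can hide its key from
#    regedit or recreate it, which is why it must be disabled first (Device Manager, as
#    Dennis_Allen describes, or Safe Mode) and the machine rebooted before the key is removed.
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$svcName'"
if ($drv) { "Driver '$svcName' is registered: state=$($drv.State), image=$($drv.PathName)" }
else      { "Driver '$svcName' is not registered with the service control manager." }

function Unlock-RegistryKey {
    param([string]$SubKeyPath)
    # Open with WRITE_OWNER only: this succeeds even when the DACL denies everything,
    # because Administrators hold SeTakeOwnershipPrivilege. Writing a RegistrySecurity
    # object that carries only an Owner changes nothing else on the key.
    $k = $hklm.OpenSubKey($SubKeyPath, $check, $rights::TakeOwnership)
    if (-not $k) { return $false }
    $sec = New-Object System.Security.AccessControl.RegistrySecurity
    $sec.SetOwner($admins)
    $k.SetAccessControl($sec)
    $k.Close()

    # The owner is implicitly allowed WRITE_DAC, so reopening for ChangePermissions now
    # works. Replace the DACL with a single Allow ACE for Administrators; this also drops
    # any Deny ACEs the rootkit placed on the key.
    $k = $hklm.OpenSubKey($SubKeyPath, $check, $rights::ChangePermissions)
    $sec = New-Object System.Security.AccessControl.RegistrySecurity
    $sec.SetAccessRuleProtection($true, $false)      # stop inheriting from the parent key
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $admins, $rights::FullControl, 'ContainerInherit', 'None', 'Allow')
    $sec.AddAccessRule($rule)
    $k.SetAccessControl($sec)
    $k.Close()

    # Subkeys carry their own ACLs; unlock each of them before the recursive delete.
    $k = $hklm.OpenSubKey($SubKeyPath, $check, $rights::ReadKey)
    foreach ($child in $k.GetSubKeyNames()) { [void](Unlock-RegistryKey "$SubKeyPath\$child") }
    $k.Close()
    return $true
}

# 2. Take ownership, fix permissions, delete the whole service key, and verify it is gone.
if (-not (Unlock-RegistryKey $regPath)) {
    "HKLM\$regPath does not exist (or the running driver is hiding it); nothing to delete."
    return
}
Remove-Item -Path "HKLM:\$regPath" -Recurse -Force -ErrorAction SilentlyContinue
if (Test-Path "HKLM:\$regPath") {
    # 3. Fallback when the loaded driver still holds the key: Start = 4 is SERVICE_DISABLED,
    #    so the driver will not load on the next boot; reboot and run this script again.
    Set-ItemProperty -Path "HKLM:\$regPath" -Name Start -Value 4 -Type DWord
    "Could not remove HKLM\$regPath yet; driver set to Disabled. Reboot and rerun."
} else {
    "HKLM\$regPath removed. Rescan with SUPERAntiSpyware to confirm the five entries are gone."
}
```

The order matters: taking ownership with only the WRITE_OWNER right is what gets past a key whose ACL denies even reading, and replacing the DACL instead of adding to it is what removes any Deny entries. If the key is gone after the script but comes back after a reboot, the driver is still loading from somewhere else and the machine should be treated as still infected.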
