So I was hit by the TDSS backdoor trojan, and the only thing left after 2 passes with MalwareBytes and multiple passes with Superspyware is a registry key in HKLM/system/CCS\services\tdsserv.sys
When I try to modify the key, regedit notifies me that an error has prevented me from modifying the entry (access is denied).
I have tried Symantec’s tool for unhooking regedit, but tdsserv destroys the fix instantly. I’ve also disabled system restore as well, and the key only appears in superspywareremover in non-safe mode, although the key can’t be deleted, no matter what.
Help pleeeeaaasee…this is just killing me. I’ve gotten so close to killing this thing but it still is waiting to infect me again.
See if this works
Go to Run and type regedt32.exe (no, I didn't forget the i in edit).
Double-click HKEY_CLASSES_ROOT,
then scroll all the way down to TypeLib and double-click.
See if you can find E381F1A0-910E-11D1-AB1E-00A0C90F8F6F.
If you can, click the Security menu, and then click Permissions.
Add the Administrators group and give Full Control.
If that does not work, go to Run, type regedit and right-click on HKEY_CLASSES_ROOT,
then select Permissions and give the admin all permissions and control.
Additional details: sorry, that's all I can think of. I take it that you’ve already tried in safe mode.
Good luck