Comments on: BackDoor.Tdss.565 http://www.precisesecurity.com/trojan/backdoortdss565 Thu, 09 Feb 2012 05:23:27 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Alexhttp://www.precisesecurity.com/trojan/backdoortdss565#comment-7164 Alex Fri, 27 Aug 2010 15:37:01 +0000 http://www.precisesecurity.com/?p=4649#comment-7164 That is incorrect doug. There is no 'side effect', as the infection remains. Try running the scan again and the virus will re-appear. This is because it hides itself on the last sectors of the hard drive, outside of the file system so it just looks like raw data and the scanner's won't even recognize it as being something to scan. I've had some success using Dr.Web to remove this virus, and ComboFix. Also GMER, kernel detective and Rootkit unhooker are useful tools for manually removing them. That is incorrect doug. There is no ‘side effect’, as the infection remains. Try running the scan again and the virus will re-appear. This is because it hides itself on the last sectors of the hard drive, outside of the file system so it just looks like raw data and the scanner’s won’t even recognize it as being something to scan. I’ve had some success using Dr.Web to remove this virus, and ComboFix. Also GMER, kernel detective and Rootkit unhooker are useful tools for manually removing them.

]]> By: Doughttp://www.precisesecurity.com/trojan/backdoortdss565#comment-6806 Doug Fri, 23 Jul 2010 19:48:17 +0000 http://www.precisesecurity.com/?p=4649#comment-6806 Although the steps described will detect and seem to remove the infection, much of the side effect remain. The computer will likely still be unable to access the Windows Update and many other security help sites because the userinit.exe file and several hosts files are changed.If the simple steps described here work, consider yourself lucky. Although the steps described will detect and seem to remove the infection, much of the side effect remain. The computer will likely still be unable to access the Windows Update and many other security help sites because the userinit.exe file and several hosts files are changed.

If the simple steps described here work, consider yourself lucky.

]]>