Backdoor.Tidserv

Updated: October 4, 2012 Trojan 36 Comments

Backdoor.Tidserv is one threat that uses advanced techniques to infect a computer. It requires systematic removal procedure to get rid of this Trojan.

Backdoor.Tidserv is a Trojan horse that allows remote unauthorized access on infected computer by creating a backdoor port. Backdoor.Tidserv remains hidden from the system with its use of advanced rootkit techniques. Once inside the computer, this Trojan can redirect Internet browser’s search result to a set of web addresses. Upon visiting said web sites, the Trojan will display pop-up ads and fake virus scanners to promote a rogue security product.

Alias: Backdoor:W32/TDSS, BKDR_TDSS, Win32/Alureon, Trojan-Dropper.Win32.TDSS, Packed.Win32.TDSS

Damage Level:  High

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
When Backdoor.Tidserv is installed on the computer, it will complete a task of providing support for authors behind this attack and aims to gain revenue in a sham manner. Hence, the Trojan will control system’s Internet browser to visit web sites that are relevant to moneymaking format. It is the root cause of propagating rogue security software, which installs self on computer without of user’s permission.

The Trojan is using a rootkit techniques wherein it able to hide its presence and evade virus scanners. The same method also conceals Backdoor.Tidserv’s activity inside the system. Critical changes made to system and damaging of targeted software may not be visible to ordinary user.

To expand its control over the infected computer, Backdoor.Tidserv will replace the Master Boot Record (MBR) with own code that ensures loading of the Trojan when Windows starts. This process is found on latest variants of Tidserv that adopts the MBR manipulation from Trojan.Mebroot. The procedure of loading the harmful code during boot up process is evident that Trojan can bypass even strict security measures of the target computer.

Backdoor.Tidserv will also perform other malicious activities including the following:

  • Drop several malicious files
  • Download, decrypt and execute files
  • Delete files
  • Add or modify Windows registry entries
  • Connect to a remote computer update its configuration file

Distribution
The Trojan spreads primarily via the Internet. It utilizes popular web sites and social networking sites where naïve visitors are most targeted. It requires user to click on malicious links posted on these sources. Typically, Backdoor.Tidserv will entice user to click on these links by producing sensational reports about politics, celebrities and other topic, which might be of user’s interests.

Additionally, Backdoor.Tidserv will make use of loose security measures provided by peer-to-peer network communication to spread its copy. The Trojan will embed its code to counterfeit programs and may also disguise as software update to lure its victims.

How to Remove Backdoor.Tidserv

NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

Step 1 : Scan and remove Backdoor.Tidserv with this special tool

1. Download the tool FixTDSS.exe from Symantec web site.

2. Save it to a desired location.
3. After download completes, disconnect the computer from Internet.

4. Computers who are running under operating system Windows ME and Windows XP must disable System Restore.
5. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.

6. Go to FixTDSS.exe download location on your hard drive.
7. Double click FixTDSS.exe to run the tool.
8. Let the tool thoroughly scan the computer and perform another scan after rebooting Windows in normal mode.

TDSS Fix Tool

Step 2 : Run a scan with your antivirus program

1. Repeat the process of starting Windows in Safe Mode with Networking.
2. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of Backdoor.Tidserv.

Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.

3. Once updating is finished, run a full system scan on the affected PC. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.

Step 3: Run another test with online virus scanner

Another way to remove Backdoor.Tidserv without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.

1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.

Online Virus Scan

2. After completing the necessary download, your system is now ready to scan and remove Backdoor.Tidserv and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.

Alternative Removal Procedures for Backdoor.Tidserv

Option 1 : Use Windows System Restore to return Windows to previous state

If Backdoor.Tidserv enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Backdoor.Tidserv infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.

To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.

System Restore

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.

Option 2 : Backdoor.Tidserv manual uninstall guide

IMPORTANT! Manual removal of Backdoor.Tidserv requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Backdoor.Tidserv.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Backdoor.Tidserv files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random charaters.exe]"
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Backdoor.Tidserv.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries:

Ways to Prevent Backdoor.Tidserv Infection

Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.

Install an effective anti-malware program

Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.

Get Protection Software

Always update your installed software

Software vendors constantly releases updates for programs whenever a flaw is discovered. Getting the updates makes the computer more secured and help prevents Trojan, virus, malware, and Backdoor.Tidserv similar attacks. If in case your program is not set for instant update, it usually offered from vendor's web site, which you can download anytime.

Maximize the security potential of your Internet browser

Each browser has their own feature where in you can adjust the security settings that fit your browsing habit. We highly encourage you to maximize the setup to tighten the security of your browser.

Apply full caution when using the Internet

Internet is full of fraud, malware, and many forms of computer threats including Backdoor.Tidserv. Implement full caution with links that you may receive from emails, social networking sites, and instant messaging programs. It might lead you to malicious sites that can cause harm to your computer. Avoid strange web sites that offers free services and software downloads.