Removing TDSS Rootkit (Google Redirects) Using TDSSKiller

TDSS is a nasty trojan that has both a rootkit component and a bot component. The rootkit is responsible for making the trojan’s files invisible on disk, and for providing hidden and encrypted storage for the bot component. The bot component connects to remote computers and makes the infected computer part of a botnet. It is also able to update, download and install additional malware. TDSS rootkit hides by infecting a low level system driver, most notably atapi.sys, iastor.sys or vmscsi.sys.

Following are some of the symptoms of the TDSS infection :

  • When you click on the Google search results, you are redirected to unknown sites.
  • You are unable to run many programs like your antivirus programs.
  • You cannot open security related websites like the sites of antivirus vendors.

If you are infected with the TDSS rootkit, then you need special software for removing it. The leading security vendor Kaspersky has provided a free tool for removing the TDSS rootkit – called the TDSSKiller. You can follow these instructions to use TDSSKiller and get rid of the TDSS rootkit from your system :

  1. Download TDSSKiller from Kaspersky web site at
  2. Extract the contents of the ZIP archive to a folder on your desktop.
  3. Double-click on TDSSKiller.exe to run it. If you are prompted with User Account Control window, then click Yes to give administrator permissions.

    Remode TDSS Rootkit with Kaspersky TDSSKiller

  4. When the TDSSKiller window opens up, just click on the Start scan button to start the scanning process. It scans only the key areas of your system so the scan is done quickly.

    Remode TDSS Rootkit with Kaspersky TDSSKiller

  5. When the scan is over you would be shown the results. If TDSS infection is found you would see a list of trojan infected files. The TDSSKiller tool automatically selects an action (Cure or Delete) for all the detected malicious objects. Although you can select the action by clicking on the action and choosing one, but it is recommended that you leave the auto-selected actions untouched. Click on the Continue button to proceed. This will delete the detected malware files.

    Remode TDSS Rootkit with Kaspersky TDSSKiller

  6. Some files may not get deleted and it may require the computer to reboot in order to delete them. In that case, click on the Reboot computer button to restart Windows and let the malicious objects be removed.

    Remode TDSS Rootkit with Kaspersky TDSSKiller

After your computer reboots, TDSS rootkit should be completely removed from your system. Just to be on the safer site, you should scan your system again with ESET Online Scanner so that any remaining malware also get removed. You can read this article on how to scan your system with ESET online scanner.