Sophos Anti-Virus: Removal of TDSS family of trojans

  • Article ID: 55430
  • Updated: 15 Sep 2009

The TDSS family of Trojans is a new type of malware commonly encountered following a successful installation of the FakeAV and Alureon malware families. Sophos provides detection and blocking of these malware families and of TDSS. However, if TDSS manages to install itself successfully, for example on a computer without up-to-date and active Sophos Anti-Virus, it can be very hard to remove.
Once installed, TDSS corrupts all major anti-virus programs, including Sophos Anti-Virus. It also uses rootkit techniques to hide from the Windows file system.

What to do

Download Sophos Anti-Rootkit and follow the instructions in the knowledgebase article "Sophos Anti-Rootkit: Overview" to detect and remove TDSS from compromised systems.

If you need more information or guidance, then please contact technical support.
