• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Trojan › Tutorials - HowTo › How to remove Antivirus XP 2008 and tdssserv.sys trojan

How to remove Antivirus XP 2008 and tdssserv.sys trojan

Myantispyware team August 27, 2008     33 Comments    

Antivirus XP 2008 is a rogue antispyware application that is starting to infect a lot of users. This particular infection is harder to remove. Also Antivirus XP 2008 installed in your Internet Explorer browser that hijacks searches you input into the Google search engine. This program usually installed itself onto your PC without your permission, through trojans (trojan.tdsserv, trojan.agent, trojan.fakealert) and browser security holes.

rogue antispyware

HijackThis shows infection:

F2 – REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,
O4 – HKLM\..\Run: [lphc31tj0ev99] C:\WINDOWS\system32\lphc31tj0ev99.exe

How to remove Antivirus XP 2008:

Step 1: Remove TDSServ trojan.

  • Download Avenger from here and unzip to your desktop.
  • Run Avenger, copy,then paste the following text in Input script Box:

    Drivers to delete:
    TDSSserv.sys

    Registry values to delete:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk

    Files to delete:
    C:\WINDOWS\system32\wini10894.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\karna.dat
    C:\WINDOWS\system32\karna.dat

    Then click on ‘Execute’.

  • You will be asked Are you sure you want to execute the current script?. Click Yes.
  • You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
  • Your PC will now be rebooted.

Step 2: Remove Antivirus XP 2008 and associated malware.

  • Download MalwareBytes Anti-malware (MBAM) Close all programs and Windows on your computer.
  • Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

If you are still having problems, then I would recommend you follow these instructions and post your logs in the spyware removal forum. Myantispyware team will help you.

Rogue Anti Spyware Trojan Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

33 Comments

  1. Chris
    ― April 16, 2009 - 4:13 pm

    it is TDSSSERV.Q not .Sys tho, does that matter? :S, btw norman keeps spamming all the time over and over >.<

  2. Patrik
    ― April 16, 2009 - 7:06 pm

    Chris, please follow these steps.

  3. chris
    ― April 17, 2009 - 8:15 am

    sorry, but i can’t my explorer.exe file has now disappeared from my computer and all i can do is to use the task manager, so that’s why following those steps wll be quite … difficult.

« Previous 1 2

Leave a Reply Cancel reply




New Guides

Rseschoosema.info
How to remove Rseschoosema.info pop-ups (Virus removal guide)
Files encrypted with .nbes extension
.Nbes file extension. Remove Nbes virus. Recover, Decrypt .nbes files.
Ticcopioidyou.info
How to remove Ticcopioidyou.info pop-ups (Virus removal guide)
unwanted ads
How to remove Premium Field app from Mac (Virus removal guide)
Usionhousine.info
How to remove Usionhousine.info pop-ups (Virus removal guide)

Follow US

Search

Useful Guides

browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
This setting is enforced by your administrator (Removal guide)
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
adwcleaner
AdwCleaner – Review, How to use, Comments
installed by enterprise policy
How to remove Chrome extensions installed by enterprise policy

Recent Posts

How to remove rogue antispyware: XP Guard, AntiVir64, MSAntivirus, Power Antivirus, SpywarePrevent, XpertAntivirus
How to remove cnn.com and msnbc.com fake breaking news spam-virus and joke-bluescreen malware
XLGuarder – fresh rogue antispyware | How to remove
How to remove VirusRemover2008 (Delete instructions)
Fresh rogue antispyware: WistaAntivirus, WinDefender, SpywareScanner2008

MYANTISPYWARE.COM

  • About Us
  • Contact Us

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2019 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.