
How do you remove all virus infections quickly and easily? (TDSS, TDL1, TDL2, TDL3, TDL4, Alureon, Bootkit, Rootkit, DNSChanger and Mebroot)

The following Solutions remove all virus/malware infections including TDSS, TDL1, TDL2, TDL3, TDL4, Alureon, Bootkit, Rootkit, DNSChanger and Mebroot.

To avoid a lengthy virus removal process or a full Windows reload, you can quickly remove these infections from a computer using one or more of the following five Solutions.  If Solution #1, Solution #2 or Solution #3 is not used first, removal may take hours instead of minutes.  Please also note that a slow computer is not necessarily an infected computer.  The computer may be slow because several full printer driver suites are installed, or because more than one realtime antivirus application is installed.  Only one realtime antivirus engine should be active on a Windows computer; two engines scanning the same files conflict with each other and slow the machine down.

The removal process should be performed in the following order:
  • Solution #1 - Perform a Windows System Restore (see the section below).  System Restore rolls back system files and the registry, but it does not rewrite the Master Boot Record or the boot sector, so a bootkit such as TDL4 or Mebroot can survive it.  If the symptoms return after the restore, proceed to Solution #3.

  • Solution #2 - Perform a Malwarebytes scan in Safe Mode with Networking after updating its signatures.  Before running Malwarebytes, run CCleaner to clear temporary files; this makes the Malwarebytes scan complete faster.  After updating the signatures, run the Malwarebytes scan.  When malware objects are found by Malwarebytes, ensure that every malware object is checked for removal before clicking the Remove button, and reboot if prompted.

  • Solution #3 - Perform a scan using Kaspersky TDSSKiller and/or Symantec FixTDSS and/or the Kaspersky Virus Removal Tool.  If TDSSKiller will not run, rename the executable (for example to explorer.exe or iexplore.exe), because some TDSS variants block the tool by its file name.  If it still will not run, run Symantec FixTDSS instead.  If you run the Symantec FixTDSS tool, be sure to run it from the local computer, not from a Windows share on the network.

  • Solution #4 - Delete the hidden partition.  Alureon.E creates a small hidden partition on Disk 0, also shown as HardDiskVolume3.  Before deleting anything, confirm that the partition you have selected is the 2 MB to 3 MB one: the roughly 100 MB "System Reserved" partition created by Windows 7 Setup and any OEM recovery partition are legitimate and must not be deleted.  To remove the malware partition, perform the following steps:
    1. On the Windows Desktop, right-click My Computer and select Manage.

    2. Click Disk Management.

    3. Locate the small 2 MB to 3 MB partition on Disk 0 (also shown as HardDiskVolume3).

    4. Click this small partition. Confirm that you have this small partition selected.

    5. Right-mouse click this partition and select Delete.

    6. Click Yes to confirm deletion.

    7. Upon deletion, reboot computer.

  • Solution #5 - Scan the infected hard drive from a second computer.

    1. Remove the infected hard drive and attach it to a second, clean computer.  Do not open or run anything from the infected drive on that computer.

    2. Using TDSSKiller on the second computer, select the drive letter of the infected hard drive and scan it twice: once with the standard method and once with the "Detect TDLFS file system" option enabled.

    3. After TDSSKiller has removed the infection, put the hard drive back in the original computer and boot from the Windows installation disc or a System Repair Disc.

    4. Select Repair Your Computer - System Recovery Options - Command Prompt.

    5. Confirm which drive letter holds the Windows installation inside the recovery environment (it is not always C:; use dir to check), then run the following commands, pressing Enter after each:

       bootsect /nt60 c:
       bootrec /fixmbr
       bootrec /fixboot
       bootrec /scanos
       bootrec /rebuildbcd

       Answer Y if bootrec prompts to add an installation to the boot list.  If bootsect is not on the path, it is in the boot folder of the installation disc (for example D:\boot\bootsect.exe).

    6. Reboot the computer.

    bootsect /nt60 writes the Windows Vista/7 boot code.  On Windows XP use bootsect /nt52 instead, or run fixmbr and fixboot from the XP Recovery Console.

After the infection has been removed, verify the DNS server settings in the network adapter properties (and on any home router), since DNSChanger alters them, and change any passwords that were used on the infected computer.  This issue has been resolved.  
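The following PowerShell script is an added example and not code from the original post.  It supports the check in Solution #4: it lists every partition on Disk 0 with its size and drive letter and flags any partition small enough to be the hidden Alureon/TDL4 partition, so the selection made in Disk Management can be confirmed before anything is deleted.  Nothing in it modifies the disk.  It uses the Win32_DiskPartition WMI class, which is present from Windows XP through Windows 10; the 10 MB threshold and the 200 MB "System Reserved" guess are assumptions chosen to match the sizes described above.

```powershell
# Added example, not code from the original post: list every partition on Disk 0 with
# its size and drive letter, flagging any partition small enough to be the hidden
# Alureon/TDL4 partition, so the selection made in Disk Management can be confirmed
# before anything is deleted. Nothing here modifies the disk.
# Uses the Win32_DiskPartition WMI class (present on Windows XP through Windows 10).
# The 10 MB threshold is an assumption: wide enough to catch the 2-3 MB partition the
# post describes, narrow enough to leave the ~100 MB System Reserved partition alone.

function Get-Disk0Partitions {
    param([long]$SuspiciousMaxBytes = 10MB)

    Get-WmiObject -Class Win32_DiskPartition |
        Where-Object { $_.DiskIndex -eq 0 } |
        Sort-Object -Property Index |
        ForEach-Object {
            # Map the partition to its logical drive (if any) through the association class.
            $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($_.DeviceID)'} " +
                     "WHERE AssocClass=Win32_LogicalDiskToPartition"
            $logical = @(Get-WmiObject -Query $query)
            $letters = if ($logical.Count -gt 0) {
                ($logical | ForEach-Object { $_.DeviceID }) -join ','
            } else { '(none)' }

            $verdict = 'ok'
            if ($_.Size -le $SuspiciousMaxBytes) {
                $verdict = 'SUSPICIOUS: tiny partition, review before deleting'
            } elseif ($logical.Count -eq 0 -and $_.Size -lt 200MB) {
                # Assumption: a small partition with no letter is System Reserved or OEM.
                $verdict = 'no letter, likely System Reserved/OEM - do not delete'
            }

            New-Object PSObject -Property @{
                DeviceID = $_.DeviceID
                Index    = $_.Index
                SizeMB   = [math]::Round($_.Size / 1MB, 1)
                Boot     = $_.BootPartition
                Type     = $_.Type
                Letters  = $letters
                Verdict  = $verdict
            }
        }
}

Get-Disk0Partitions | Format-Table -AutoSize -Property Index, DeviceID, SizeMB, Boot, Type, Letters, Verdict
```

Run it from an elevated Windows PowerShell prompt on the infected computer (or, for Solution #5, on the second computer, changing DiskIndex to the number the attached drive received).  On PowerShell 7 replace Get-WmiObject with Get-CimInstance; the class and property names are the same.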

Perform a System Restore (Highly Recommended)
Since Windows Me and Windows XP, Microsoft Windows has included System Restore.  System Restore returns Windows system files, the registry and installed programs to the state recorded in a restore point taken before the problem or the virus infection occurred.  The restoration process does not alter user documents, although programs installed after the chosen restore point are removed and may need to be reinstalled.  System Restore does not rewrite the Master Boot Record or the boot sector, and malware frequently disables it or leaves infected copies of itself inside restore points, so it may not resolve the issue with your computer.  In that case, proceed to the next option in this list.
  1. Click Start.

  2. Click All Programs - Accessories - System Tools - System Restore, or use Start - Run - rstrui.exe.  On Windows XP the executable is %systemroot%\system32\restore\rstrui.exe; on Windows Vista and Windows 7 it is %systemroot%\system32\rstrui.exe.

    Follow the instructions on the Wizard to restore from a System Restore Point.  If the computer is unable to perform a System Restore, you can resolve this issue using the following steps:
  • Using regedit, navigate to the following registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore

  • In the right pane, delete the DWORD values DisableConfig and DisableSR (they are values under the key, not subkeys).  A value of 1 in either one disables System Restore or its configuration page.

  • Reboot the computer.  System Restore will now function.  If the computer is domain-joined and the values reappear after a reboot, a Group Policy is re-applying them and must be changed on the domain side.   
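The following PowerShell script is an added example and not code from the original post.  It automates the registry check just described and adds the two related checks a technician would want: the same DisableSR value in the non-policy SystemRestore key, and whether the System Restore service itself (srservice on Windows XP, VSS on Windows Vista and 7) has been set to Disabled, which also prevents rstrui.exe from running.  The CurrentVersion\SystemRestore key path is assumed to be the per-machine configuration location; the script only reports that one and only removes the policy values.

```powershell
# Added example, not code from the original post: check whether System Restore is being
# blocked by the DisableSR / DisableConfig policy values, remove them, and report the
# state of the System Restore service (srservice on XP, VSS on Vista/7). Run from an
# elevated prompt. The CurrentVersion\SystemRestore key checked in step 2 is assumed
# to be the per-machine (non-policy) location of the same DisableSR value; it is
# reported only, not changed.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$configKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$names     = 'DisableSR', 'DisableConfig'

function Get-RegValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $prop = (Get-ItemProperty -LiteralPath $Key).PSObject.Properties[$Name]
    if ($null -eq $prop) { $null } else { $prop.Value }
}

# 1. Policy values: 1 disables System Restore (DisableSR) or its UI (DisableConfig).
foreach ($name in $names) {
    $value = Get-RegValue -Key $policyKey -Name $name
    if ($null -eq $value) {
        Write-Output "$name : not set under policy key"
    } elseif ($value -eq 1) {
        Write-Output "$name : 1 under policy key (System Restore blocked) - removing"
        Remove-ItemProperty -LiteralPath $policyKey -Name $name
    } else {
        Write-Output "$name : $value under policy key (not disabling) - left as is"
    }
}

# 2. Non-policy value: report it so a second source of the block is not missed.
$cfg = Get-RegValue -Key $configKey -Name 'DisableSR'
if ($cfg -eq 1) {
    Write-Output "DisableSR is also 1 under $configKey; clear it there as well."
}

# 3. The service must not be Disabled either, or rstrui.exe still fails.
Get-WmiObject -Class Win32_Service -Filter "Name='srservice' OR Name='VSS'" |
    ForEach-Object {
        Write-Output ("{0} service: State={1} StartMode={2}" -f $_.Name, $_.State, $_.StartMode)
        if ($_.StartMode -eq 'Disabled') {
            Write-Output ("  {0} is Disabled; set it to Manual or Automatic before running System Restore." -f $_.Name)
        }
    }
```

Reboot after the script has removed a value, as the section above instructs, and then start rstrui.exe again.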
Remove Hidden Attribute from My Documents, Favorites, Desktop and Start Menu
 
After removing a TDSS infection, you may now need to remove the Hidden attribute from My Documents, Favorites, Desktop and Start Menu.  To unhide My Documents, Favorites, Desktop and Start Menu - please perform the following steps:
  1. Click Start - Run.

  2. Type: cmd

  3. Click OK.

  4. Type: cd c:\

  5. Hit Enter.

  6. Type: attrib -h /s /d

  7. Hit Enter.
This process clears the Hidden attribute from every file and folder on the drive that does not also carry the System attribute.  You may encounter the messages "Access denied" and "Not resetting system file."  This is normal: attrib refuses to change a file that has the System attribute unless -s is also specified, which is what keeps the command from touching Windows' own protected files while still unhiding the user folders.  Because the command is run from C:\, it also unhides legitimately hidden files elsewhere on the drive (for example the desktop.ini file in many folders).  To limit its scope, run the same attrib command from within C:\Documents and Settings\%username% or C:\Users\%username% instead.
Remove Read-Only Attribute from My Documents, Favorites, Desktop and Start Menu
 
After removing a TDSS infection, you may now need to remove the Read-Only attribute from My Documents, Favorites, Desktop and Start Menu.  To remove the Read-Only attribute from My Documents, Favorites, Desktop and Start Menu - please perform the following steps:
  1. Depending upon your operating system, browse to C:\Documents and Settings\%username% or C:\Users\%username%.

  2. Using Windows XP, hold down the CTRL Key and select My Documents, Favorites, Desktop and Start Menu.  Using Windows Vista and Windows 7, hold down the CTRL key and select Documents, Favorites and Desktop.

  3. Right-mouse click the selected folders and select Properties.

  4. Uncheck the Read-Only attribute and click Apply.  Allow the process to complete.  This may take 10 minutes or more.

  5. Click OK.

  6. If you are using Windows XP, you have the remaining task of removing the Read-Only attribute from the All Users Start Menu.

  7. Browse to C:\Documents and Settings\All Users.

  8. Right-mouse click Start Menu and select Properties.

  9. Uncheck the Read-Only attribute.

  10. Click OK.

  11. If you are using Windows Vista or Windows 7, you have the remaining task of removing the Read-Only attribute from the user and All Users Start Menu.  Browse to C:\Users\%username%\AppData\Roaming\Microsoft\Windows.

  12. Right-mouse click Start Menu and select Properties.

  13. Uncheck the Read-Only attribute.

  14. Click OK.

  15. Browse to C:\ProgramData\Microsoft\Windows.

  16. Right-mouse click Start Menu and select Properties.

  17. Uncheck the Read-Only attribute.

  18. Click OK.  
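The following PowerShell script is an added example and not code from the original post.  It performs the work of the two sections above (Remove Hidden Attribute and Remove Read-Only Attribute) in one pass, but only on the profile folders the sections name rather than on the whole of C:\, so legitimately hidden files elsewhere on the drive are left alone.  The folder paths are the standard Windows XP and Windows Vista/7 locations taken from the steps above; paths that do not exist on the machine are skipped, and files carrying the System attribute are skipped exactly as attrib skips them without -s.  Run it as the affected user from an elevated prompt.

```powershell
# Added example, not code from the original post: clear the Hidden and Read-Only
# attributes that a TDSS-family infection leaves on the profile folders named in the
# two sections above (My Documents/Documents, Favorites, Desktop, Start Menu, plus the
# All Users / ProgramData Start Menu), instead of running "attrib -h /s /d" from C:\.
# Paths are the standard XP and Vista/7 locations; any that do not exist are skipped.

function Get-ProfileFolderCandidates {
    $user = $env:USERPROFILE
    $paths = @(
        # Windows XP
        (Join-Path $user 'My Documents'),
        (Join-Path $user 'Favorites'),
        (Join-Path $user 'Desktop'),
        (Join-Path $user 'Start Menu'),
        (Join-Path $env:ALLUSERSPROFILE 'Start Menu'),
        # Windows Vista / 7
        (Join-Path $user 'Documents'),
        (Join-Path $user 'AppData\Roaming\Microsoft\Windows\Start Menu')
    )
    # ProgramData does not exist on XP, so only add it when the variable is set.
    if ($env:ProgramData) { $paths += (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu') }
    $paths | Where-Object { Test-Path -LiteralPath $_ }
}

function Clear-HiddenReadOnly {
    param([string]$Path)
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::ReadOnly)
    $cleared = 0; $denied = 0; $skippedSystem = 0
    # -Force enumerates already-hidden items; the folder itself is included first.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Leave anything carrying the System attribute alone, as attrib does without -s.
        if (($item.Attributes -band [IO.FileAttributes]::System) -ne 0) { $skippedSystem++; continue }
        if (($item.Attributes -band $mask) -eq 0) { continue }
        try {
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
            $cleared++
        } catch {
            $denied++   # a locked or ACL-protected file: the "Access denied" case; report, do not abort
        }
    }
    New-Object PSObject -Property @{ Path = $Path; Cleared = $cleared; Denied = $denied; SkippedSystem = $skippedSystem }
}

Get-ProfileFolderCandidates | ForEach-Object { Clear-HiddenReadOnly -Path $_ } |
    Format-Table -AutoSize -Property Path, Cleared, Denied, SkippedSystem
```

The Denied column corresponds to the "Access denied" messages the attrib method produces; a non-zero count usually means a file was open in another program, and re-running the script after closing it clears the remainder.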
