Tips and Tricks

New Removal Tools for the TDSS Family of Crimeware

It's now known that the cyber-criminal team behind the TDSS (also known as TDL4 or Alureon) operation has developed the tool for more than personal motives.

TDSS is not only one of the most important bots at the moment in terms of infection count, but also one of the most sophisticated. It has a hidden partition on the infected machine that hosts the code to subvert the OS before it starts, it can infect both 32- and 64-bit versions of Windows 7 and comes with a peer-to-peer communication model between the infected client and the C&C server.

Its complexity and efficiency have made TDSS extremely popular in the cyber underworld. Many current malicious operations are “powered by”clones of TDSS/TDL4 which now appears to be sold as a service.

The increasing number of infections with TDSS variants such as Pihar.A, Pihar.B, Sst.A and Sst.B (MAXSS) prompted us to update the removal tool we published in August. The new tool is able to detect and clean infections with all known clones of TDSS and can be downloaded for free from the Downloads Page of Malware City.

Download the 32-bit version of the tool

Download the 64-bit version of the tool

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This removal tool is available courtesy of Mihail Andromic, malware researcher.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.