Sunday, March 25, 2012

Removing Alureon.A / Backdoor.Tidserv!kmem

A friend had a nasty virus on his Windows XP computer. His Symantec endpoint protection software continually notified that a virus was found but not removed. In the Symantec program the virus was called "Backdoor.Tidserv!kmem".

First, I wanted to make sure that his XP was up-to-date. Updating Windows is important to make sure all known security holes are patched up. That makes it harder for viruses to get into the system in the first place. Unfortunately, the whole update system was disabled by the virus! The Microsoft Update and Windows Update webpages did not work in Internet Explorer, and you cannot use other browsers on those sites.

What I did first was to try to fix the update system by manually installing the Microsoft Windows Update Agent. That did not work, and Windows still did not update with the virus in it.

Then I tried to manually install the Windows Malicious Software Removal Tool, and to remove the virus with it. Normally the removal tool is installed with the updates automatically, but now the virus was blocking that route, so that's why I had to install it manually. After running a quick scan with it and finding the virus (Alureon.A), I found that even the Malicious Software Removal Tool could not remove this nasty virus.

By the way, if you ever want to run the Malicious Software Removal Tool again, you can just go to the Start menu and click "Run...", then type "mrt" and press Enter. This will start the removal tool for you.

Back to the virus removal. By googling Alureon.A I finally found a cure. This Rootkit removal tool by Kaspersky (download link) finally removed the virus. Kaspersky's webpage for the tool is here. Symantec gave a few virus warnings as the Kaspersky tool was running, but it didn't interfere with the removal. After booting the computer, the Windows Update system was also functional again!

Now the first thing to do was to update the XP to the newest version by going to the Microsoft Update webpage with Internet Explorer, and installing all the Express updates.

Finally the computer was free of viruses, and patched against the newest security holes. Always remember to update Windows and your web browser regularly to avoid virus infections!

iPod Nano blank screen fix

OK, this is not a PC tip, but whatever... Might help someone. A friend's iPod Nano 4th generation (A1258) went "dead". The thing didn't power on anymore and the screen was just blank. This happened after the Mac it was connected to ran out of battery juice.

The solution I found in the iPod Nano 4th gen. manual was simple: you have to reset the Nano. To do this, switch the Hold switch (on top of the Nano) on and off, then quickly press the Menu and Center buttons together and hold them for some 6 seconds.

This resets the Nano and it should run again fine!