Removing Alureon.A / Backdoor.Tidserv!kmem

A friend had a nasty virus on his Windows XP computer. His Symantec Endpoint Protection software continually reported that a virus was found but not removed. In the Symantec program the virus was called "Backdoor.Tidserv!kmem".

First, I wanted to make sure that his XP was up to date. Updating Windows is important to make sure all known security holes are patched. That makes it harder for viruses to get into the system in the first place. Unfortunately, the whole update system was disabled by the virus! The Microsoft Update and Windows Update webpages did not work in Internet Explorer, and you cannot use other browsers on those sites.

What I did first was to try to fix the update system by manually installing the Microsoft Windows Update Agent. That did not work, and Windows still would not update with the virus in it.

Then I tried to manually install the Windows Malicious Software Removal Tool and to remove the virus with it. Normally the removal tool is installed automatically with the updates, but the virus was blocking that route, which is why I had to install it manually. After running a quick scan with it and finding the virus (Alureon.A), I found that even the Malicious Software Removal Tool could not remove this nasty virus.

By the way, if you ever want to run the Malicious Software Removal Tool again, you can just go to the Start menu, click "Run...", type "mrt" and press Enter. This will start the removal tool for you.

Back to the virus removal. By googling Alureon.A I finally found a cure. This rootkit removal tool by Kaspersky (download link) finally removed the virus. Kaspersky's webpage for the tool is here. Symantec gave a few virus warnings as the Kaspersky tool was running, but it didn't interfere with the removal. After booting the computer, the Windows Update system was functional again as well!

Now the first thing to do was to update XP to the newest version by going to the Microsoft Update webpage with Internet Explorer and installing all the Express updates.

Finally the computer was free of viruses, and patched against the newest security holes. Always remember to update Windows and your web browser regularly to avoid virus infections!
