WORM_TDSS.TX – PC worm on the loose!

Variant: WORM_TDSS.TX

Operating Systems Affected: Windows 9x, 2000, XP, Server 2003, Vista, 7

WORM_TDSS.TX is a newly released, in-the-wild version of the nasty PC worm malware. What is a computer worm? Computer worms are programs designed to execute on their own, self-replicate and spread via shared network drives. Now that we know how it spreads, what damage can WORM_TDSS.TX do to a system? It primarily targets the Internet Explorer browser: it lowers IE security settings, creates a new homepage, modifies the search page functionality and can lead to additional malware downloads on the already infected system.

REMOVAL INSTRUCTIONS:

• Temporarily disable system restore (Windows ME and Windows XP users only)

• Restart the computer and boot into safe mode with networking (Press the F8 key on Windows boot up)

• Update Anti-Virus definition files

• Run an Anti-Virus full system scan

• Show hidden files and folders

• Search for and delete the identified WORM_TDSS.TX infected files:

EXPL_CPLNK.SMA
AUTORUN.INF

• Navigate to and delete the listed registry values (Start → Run → regedit, then navigate to and delete the listed registry entries):

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\international
acceptlanguage=en-us

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION
svchost.exe=8888

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
maxhttpredirects=8888

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
enablehttp1_1=1

• In the registry editor, restore the modified registry values to their original state:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
From: CurrentLevel=0
To: CurrentLevel=69632

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
From: 1601=0
To: 1601=1

{Disclaimer: Registry modification is done at your own risk. Back up the registry before making any changes!}

• Re-enable System Restore (Windows ME and XP users only)

• Restart and boot under normal mode

• Run an Anti-Virus full system scan again (just to make sure your system is free from worm infection)
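
Before editing anything in regedit, the registry values listed in the steps above can be checked with a read-only script. This PowerShell example is an addition, not part of the original write-up; the function name `Test-ListedValue` is hypothetical, and the numbers on the page (8888, 0, 1, 69632) are assumed to be decimal.

```powershell
# Added example: read-only audit of the registry values listed on this page.
# It only reports; nothing is deleted or changed.
# Assumption: the numbers on the page (8888, 0, 1, 69632) are decimal.
$ms   = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft'
$inet = "$ms\Windows\CurrentVersion\Internet Settings"

# Listed  = the data the page shows for the value.
# Restore = the page's "To:" value ($null where the page says to delete instead).
$checks = @(
    @{ Key = "$ms\Internet Explorer\international"; Name = 'acceptlanguage'; Listed = 'en-us'; Restore = $null },
    @{ Key = "$ms\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION"; Name = 'svchost.exe'; Listed = 8888; Restore = $null },
    @{ Key = $inet; Name = 'maxhttpredirects'; Listed = 8888; Restore = $null },
    @{ Key = $inet; Name = 'enablehttp1_1'; Listed = 1; Restore = $null },
    @{ Key = "$inet\Zones\3"; Name = 'CurrentLevel'; Listed = 0; Restore = 69632 },
    @{ Key = "$inet\Zones\3"; Name = '1601'; Listed = 0; Restore = 1 }
)

function Test-ListedValue {
    param([hashtable]$Check)
    # A missing key or value yields $null instead of raising an error.
    $item = Get-ItemProperty -LiteralPath $Check.Key -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Name) } else { $null }

    # Compare as strings so REG_SZ and REG_DWORD data are handled the same way.
    if ($null -eq $actual) { $status = 'absent' }
    elseif ("$actual" -eq "$($Check.Listed)") { $status = 'MATCHES listed value' }
    else { $status = 'present, different data' }

    if ($null -ne $Check.Restore) { $action = "restore to $($Check.Restore)" } else { $action = 'delete' }

    New-Object PSObject -Property @{
        Key        = $Check.Key -replace '^Registry::', ''
        Name       = $Check.Name
        Actual     = $actual
        Status     = $status
        PageAction = $action
    }
}

# One row per listed value; review the rows marked MATCHES against the steps above.
$checks | ForEach-Object { Test-ListedValue $_ } |
    Select-Object Status, Name, Actual, PageAction, Key |
    Format-Table -AutoSize -Wrap
```

Running it again after the cleanup should show the deleted values as absent and the two `Zones\3` values as holding different data from what the page lists.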