Fix Virus/Trojan Instructions
TDSS/TDL/Alureon MBR rootkit trojan:
The TDSS/TDL/Alureon MBR rootkit trojan is a particularly malicious program. When your computer is infected with the trojan, the Master Boot Record (MBR) is altered to ensure that the trojan will even survive a complete format of the hard drive.
Once your computer is infected, the trojan sends information from your computer to a criminal enterprise. The types of information that are stolen are account ids and passwords (such as your UTD NetID and password, hotmail, gmail, paypal and facebook accounts, etc.), credit card information (PIN numbers, expiration dates and card numbers) and banking information (account numbers, passwords, etc.)
Due to the malicious and dangerous nature of this trojan, the Information Security Office will block your UTD account and reset its password to the default in addition to preventing your computer from accessing the UTD network.
IMPORTANT! This means you will have NO ACCESS to UTD computing resources! You will be unable to log into ANY UTD computer resources from ANY computer, including computer labs, until you have removed this trojan and contacted the UTD Help Desk to have your account unblocked.
These steps are taken to protect you as well as the UTD network.
Once you have become aware that your computer is infected with the trojan, you should take the following steps.
- DO NOT USE THE COMPUTER ANYWHERE. Although we have protected you on our network, your computer will appear to work fine anywhere else (home network, coffee shops, airports, etc.) However, it will be continuously stealing data from you.
- Obtain the tools to clean the computer.
A video explanation of fixing the MBR - http://www.youtube.com/watch?v=08OWh3aVpRI
TDSSKiller - http://support.kaspersky.com/faq/?qid=208280684
- Please Note: most antivirus software is not capable of detecting this trojan. If you run a scan, it may falsely tell you that the computer is virus free.
- Run the TDSS cleaner tool, following the instructions precisely.
- If the cleaner tool does not find the trojan, you will need to manually repair your computer's Master Boot Record.
Fix the MBR:
Windows XP and Vista - http://helpdeskgeek.com/how-to/fix-mbr-xp-vista
Windows 7 - http://www.sevenforums.com/tutorials/20864-mbr-restore-windows-7-master-boot-record.html
- Once the computer is cleaned, contact the Information Security Office at 972-883-6810. We will reinstate your account and restore your computer's access to the UTD network.