TDX.sys Threat: Win32:Alureon-FZ

I got this thing in a drive-by. Avast identified it. When I remove it, I can’t connect to the Internet. I replaced it with an original, clean TDX.sys. Same problem. How can I clean this and still get on the net? Thanks.

Welcome to the forum.

http://www.sevenforums.com/drivers/1875-tdx-sys-causing-bsod-fixed.html

See if this could help you solve the problem.

Good luck, let us know how it goes.

Thanks. But my problem isn’t the BSOD. I believe that TDX.sys scans my computer for sensitive information and then ships it somewhere. When I replace the file with a clean one, I cannot get on the internet. Avast flags it as a problem, but it won’t clean it and allow me to be on the internet. I have run Malwarebytes and TDSSKiller and they both read clean.

Upload the file(s) to www.virustotal.com and test it with 43 malware scanners (max 20 MB).
When you have the result, copy the URL in the address bar and post it here.

AhnLab-V3 2010.10.12.02 2010.10.12 -
AntiVir 7.10.12.193 2010.10.12 -
Antiy-AVL 2.0.3.7 2010.10.12 -
Authentium 5.2.0.5 2010.10.12 -
Avast 4.8.1351.0 2010.10.12 Win32:Alureon-FZ
Avast5 5.0.594.0 2010.10.12 Win32:Alureon-FZ
AVG 9.0.0.851 2010.10.12 -
BitDefender 7.2 2010.10.12 -
CAT-QuickHeal 11.00 2010.10.12 -
ClamAV 0.96.2.0-git 2010.10.12 -
Comodo 6366 2010.10.12 -
DrWeb 5.0.2.03300 2010.10.12 -
Emsisoft 5.0.0.50 2010.10.12 -
eSafe 7.0.17.0 2010.10.12 -
eTrust-Vet 36.1.7906 2010.10.12 -
F-Prot 4.6.2.117 2010.10.11 -
F-Secure 9.0.15370.0 2010.10.12 -
Fortinet 4.2.249.0 2010.10.12 -
GData 21 2010.10.12 Win32:Alureon-FZ
Ikarus T3.1.1.90.0 2010.10.12 -
Jiangmin 13.0.900 2010.10.12 -
K7AntiVirus 9.65.2733 2010.10.12 -
Kaspersky 7.0.0.125 2010.10.12 -
McAfee 5.400.0.1158 2010.10.12 -
McAfee-GW-Edition 2010.1C 2010.10.12 -
Microsoft 1.6201 2010.10.12 -
NOD32 5525 2010.10.12 -
Norman 6.06.07 2010.10.12 -
nProtect 2010-10-12.01 2010.10.12 -
Panda 10.0.2.7 2010.10.12 -
PCTools 7.0.3.5 2010.10.12 -
Prevx 3.0 2010.10.12 -
Rising 22.69.01.04 2010.10.12 -
Sophos 4.58.0 2010.10.12 -
Sunbelt 7044 2010.10.12 -
SUPERAntiSpyware 4.40.0.1006 2010.10.12 -
Symantec 20101.2.0.161 2010.10.12 -
TheHacker 6.7.0.1.055 2010.10.12 -
TrendMicro 9.120.0.1004 2010.10.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.12 -
VBA32 3.12.14.1 2010.10.12 -
ViRobot 2010.9.25.4060 2010.10.12 -
VirusBuster 12.67.14.0 2010.10.12 -

Only Avast detects it (GData uses the avast! and Bitdefender virus engines), so possible false positive … ???

What worries me is that it is controlled by “TrustedInstaller” and not me. Is there some place where I can send the file to have it checked? I know Symantec has a testing lab. Should I try it?