PC Tools Help Center

Protection Software: How to Remove TDSS-Related Web Search Redirection Threats

Article Number: 266 | Last Updated: Fri, Feb 3, 2012 4:00 AM


If your web search results are being redirected away from the pages you intended to visit and instead to advertising websites, fake antivirus sites, and completely unrelated sites that generate revenue for the remote attackers and their partners, the PC Tools HIT Scan tool may remove the threats from your system.


Fix TDSS-Related Web Search Redirection Using PC Tools™ HIT Scan


Please note that this software has been tested on the following operating systems.

Windows XP
Windows Vista
Windows 7

Step 1:  Running "HIT Scan"

This step explains how to run the “HIT Scan” program.

Step 2:  The “Alternate Operating System” data gathering phase of the “HIT Scan” tool

This step shows the “Alternate Operating System” data gathering phase of the “HIT Scan” tool.


Step 3:  Locate and send the “HIT Scan” report logs to PC Tools

This step explains how to locate the “HIT Scan” logs.


Step 4:  Removal of infections (if detected by “HIT Scan”)

This step explains how to use the “HIT Scan” to remove any infections that it detects on your computer.


Step 1:  Running "HIT Scan"

1.  Download "HIT Scan" from the following link and save it to your Desktop (to make it easy to find):

http://downloads.support.pctools.com/HITScan.exe

2.  We suggest you disconnect your computer from the Internet (i.e. unplug the Ethernet cable / disconnect from Wireless) to limit any outside interference while “HIT Scan” is running, but this is optional.

3.  Double-click on the “HITScan.exe” file to start the “HIT Scan” program

4.  Select “I agree to the license agreement”

5.  Select “OK” to allow the installation to proceed
 
         
 

6.  Select the hard drives you want to scan from within the “PC Tools HIT Scan” window (e.g. “C:”)

7.  Ensure the “Smart Scan: scan only the most vulnerable folders”  option is selected

8.  Select “Start Scan”
 
         

 

9.  At this stage, the “HIT Scan” program will scan the hard drives you selected and collect information from each file.  At the completion of the scan, the “HIT Scan” program will automatically reboot your computer to load the second stage of the “HIT Scan” data gathering process (which occurs within the “Alternate Operating System” environment).
Please do not attempt to manually initiate “PC Tools HIT Scan” during the computer’s boot process.  Simply allow the “HIT Scan” program to run uninterrupted and it should boot to the “Alternate Operating System” automatically.

 

Step 2:  The “Alternate Operating System” data gathering phase of the “HIT Scan” tool

10.  Once the "Alternate Operating System" interface has fully loaded you will see the “Alternate Operating System” data gathering phase start running automatically.

11.  At the completion of the “Alternate Operating System” data gathering phase, click “Finish”

 

 

Step 3:  Locate and send the “HIT Scan” report logs to PC Tools

12.  Once the computer has booted back into Windows, the “HIT Scan” program should automatically uninstall itself.  Select “Show Folder” from the “PC Tools HIT Scan” window that appears to see the “HIT Scan” logs.
 
         

 

13. Reconnect your computer to the Internet (i.e. plug in the Ethernet cable / reconnect to Wireless) if you previously disconnected it.
Attach all of the files and folders in the window that appears to your reply to the e-mail from PC Tools.  You may need to zip / compress the folders (e.g. the “C” folder) to allow it to be attached to the e-mail.
** This example (Screenshot) is from Windows 7.

 

*** In the above example, you would zip / compress the “C” folder and attach it along with the “HIT Scan.log”, “HITScanC.log” and the “HITScanInstall.log” files to your reply e-mail to PC Tools.


Step 4:  Removal of infections (if detected by "HIT Scan")

If “HIT Scan” detects any suspicious items on your computer, it will show them in the “Alternate Operating System” scan results screen.  When this occurs, simply follow the steps shown below to remove the suspicious items.

1.  Select “Replace”

The “HIT Scan” tool will then attempt to replace (neutralise) the suspicious files in the system and provide you with a results screen showing the outcome of this process.

2.  Select “Finish”

If “HIT Scan” did detect any suspicious items and you chose to replace them, please let us know via reply e-mail if this resolved the issues you were having.  Please also include the “PC Tools HIT Scan reports” files and folders requested in “Step 13” regardless of the outcome.


*NOTE:  If the “HIT Scan” tool detects a suspicious file or files, but does not have a clean (non-infected) copy of the file to use to replace it, it will show this information in the scan results screen (see screenshot below).

This just means that the “HIT Scan” tool has identified suspicious files in the system and in order to fully neutralize them, it needs to collect clean (non-infected) copies of those files from within the Windows Operating System.  To complete the remediation process, simply follow the steps shown below…

1.       Select the “Replace” tab

2.       Select “OK”.  This will automatically reboot the computer back to Windows to allow “HIT Scan” to collect clean copies of the files it detected.  The “clean” files will be collected automatically when the computer boots back to Windows.


3.       Select “OK” from the following window when it appears to reboot the computer back to the "Alternate Operating System" and allow “HIT Scan” to complete the remediation process.

         
 
4.       Once the "Alternate Operating System" re-scan has completed, select the “Replace” tab

5.       Select “Finish” to reboot back to Windows

