Have you first tried TDSSKiller?
TDL4 rootkits create a hidden partition and modify the partition table so that it points to the malicious partition, making it the active partition.
You can see which partition is active using GParted, where you can change the boot flag and also have the option to delete the malicious partition.
The most important thing is to change the boot flag to the correct partition. Once you've done that, all is well even if you leave the malicious partition there, so long as it doesn't have the boot flag.
If Avast has already changed the boot flag to the correct partition, then the malicious partition is now harmless.
If you have run TDSSKiller and it didn't help, run this new tool below.
Download the yorkyt.exe disinfection tool.
http://www.pandasecurity.com/resources/tools/yorkyt.exe
Double-click to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
Avast also has a tool that can change the boot flag to the correct partition.
http://public.avast.com/~gmerek/aswMBR.htm#fix0
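
To illustrate the boot-flag check described in the answer above, here is an added example (not part of the original post and not code from any of the tools named) that parses the four MBR partition-table entries and reports which one carries the boot flag. The sample sectors are constructed, and the "small trailing partition" rule in `review` is a heuristic assumed for this example, not a TDL4 signature.

```python
import struct

ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (missing 0x55AA signature)")
    entries = []
    for i in range(4):  # table starts at offset 446, four 16-byte slots
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": i, "status": status, "active": status == 0x80,
                        "type": ptype, "lba": lba, "sectors": count})
    return entries

def review(entries):
    """Return findings worth a manual look (heuristics assumed for this example)."""
    findings = []
    active = [e for e in entries if e["active"]]
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the boot flag (expected 1)")
    for a in active:
        others = [e for e in entries if e is not a]
        if others and all(a["lba"] > e["lba"] and a["sectors"] < e["sectors"] for e in others):
            findings.append(f"slot {a['slot']}: boot flag is on a small partition at the end of the disk")
    return findings

def build_sample(rows):
    """Constructed test sector: rows are (status, type, lba, sectors)."""
    sector = bytearray(512)
    for i, (status, ptype, lba, count) in enumerate(rows):
        ENTRY.pack_into(sector, 446 + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples: a normal layout, and one where the flag sits on a tiny trailing partition.
CLEAN = build_sample([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976000000)])
MOVED = build_sample([(0x00, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976000000),
                      (0x80, 0x07, 976210000, 2048)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("moved", MOVED)):
        print(name, [e["slot"] for e in parse_mbr(sector) if e["active"]], review(parse_mbr(sector)))
```

To check a real disk, pass the first 512 bytes of the device or of a disk image to `parse_mbr` and compare the active slot with the partition you expect to boot from.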