I just spent the last 4 or more hours getting rid of a TDSS infection, so I feel the need to detail what went on. It began with my Mom telling me some family friends needed help with their computers again (I had upgraded their laptop to Windows 7). Their wireless printer wasn't printing documents. I went to their home and solved the problem in about 10 minutes. They had got a new router and their printer's IP was different than what the PC thought it was, so setting the new IP address fixed it, as well as switching to a different network they had. Their son's laptop had the same problem, but the fix required removing and re-adding the printer.

However, since he is a high-risk user, I asked them if I could scan his PC. I did with HitmanPro. It found about 11 entries for ZeroAccess. At that point I thought, "Oh crap." I decided to get a second opinion from TDSSKiller. It found similar infections. I chose to remove them. While I was, McAfee popped up an alert about Desktop.ini in the GAC_32 and GAC_64 directories. I figured the malware would just regenerate. I removed the infections with TDSSKiller, but it failed to cure services.exe. I restarted and let McAfee have a go at the Desktop.ini malware. After rebooting, the same alert occurred, which meant the malware was regenerating.

I decided to use my Kaspersky Rescue CD on my USB drive. However, it had some error and failed to boot! My silver bullet had failed when I needed it most. I again ran TDSSKiller, and it removed the same files and still failed to cure services.exe. At this point I decided to use KillSwitch and disable services.exe. I also opened the folder and renamed it to servicesvirus.exe, so it would not run. I had done this with a fake AV on my Mom's laptop, and it had crippled the malware and interrupted its regeneration. However, I wasn't aware this services.exe was the actual services.exe, not a pure malware file. This resulted in the computer having lots of errors.
I rebooted it and got the startup repair screen. I did it, and it just went back to the startup repair screen. Because of this I booted to a Windows recovery CD on my USB drive. I attempted startup repair, but it failed. I thought maybe the TDSS thing had infected the MBR, so I did FixMBR and FixBoot. That was a horrible mistake. I rebooted, and the computer failed to boot, saying it couldn't find an OS or something. Feeling very worried I had bricked their PC, I went home and made an actual repair CD from a good PC. I brought the CD back and attempted startup repair from the CD. It worked. I rebooted and was back to the startup repair loop. Realizing at this point the services.exe file was necessary and not pure malware, I booted into Ubuntu and renamed it. After rebooting again, I could get into Windows. Success.

I Googled how to replace the services.exe file. I ran TDSSKiller again, with the scan loaded modules option selected. I ran a scan, removed what it found, and it failed to cure services.exe. However, I ran sfc /scanfile=c:\windows\system32\services.exe. Windows detected the corrupt file, and upon reboot replaced it. I ran the command again, and no corruption was found!

With the services.exe file fixed, I replaced McAfee with Norton and ran another scan with HitmanPro to verify there was no malware. Unfortunately, almost everything was still there, except for the infected services.exe. I decided to activate the free trial for HMP and let it remove the infections. It did, and after rebooting, I ran another scan, this time all clean!

From this experience I have learned:

1. The TDSS infection is a tricky bastard.
2. USB Windows repair discs are rubbish.
3. Do not rename files to try and deactivate them, as they may actually be infected files and not pure malware.