TDSSKiller


TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is known under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits, such as the ZeroAccess rootkit, if they are detected.

A rootkit is a malware program that is designed to hide itself or other computer infections on your computer. These types of programs are typically harder to remove than generic malware, which is the reason that stand-alone utilities such as TDSSKiller have been developed.

Usage Instructions

TDSSKiller can be downloaded as an EXE or a ZIP file that contains the executable. When using the program, it is easier to download the EXE directly and only download the ZIP file if your computer software or Internet connection does not allow the direct download of executables.

It is important to note that many rootkits target the name of the TDSSKiller executable so that it is terminated when you attempt to run it. Therefore, after downloading or extracting the executable you should rename it to iexplore.exe so that it can more easily bypass any protection routines a particular rootkit may use.

TDSSKiller has the following command-line arguments:

-l - Save the TDSSKiller log to the specified file name. If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.

-qpath - Specify the path to a folder that TDSSKiller should use as the Quarantine folder. If this folder does not exist, TDSSKiller will create it.

-h - Display a list of the command line arguments.

-sigcheck - Detects all drivers that do not contain a digital signature as suspicious.

-tdlfs - Detect the presence of the TDLFS file system, which the TDL 3/4 rootkits create in the last sectors of hard disk drives to store their files. All of these files can be quarantined.

The following arguments make the actions apply without prompting the user:

-qall - Copy all objects to quarantine folder (Very Aggressive).

-qsus - Copy only the suspicious objects to the quarantine folder. (Safer)

-qboot - Quarantine all boot sectors.

-qmbr - Make a copy of all the Master Boot Records and store them in the quarantine folder.

-qcsvc - Copy the specified service to the quarantine folder.

-dcsvc - Delete the specified service. Only use this if you're sure the service should be removed.

-silent - Scan the computer in silent mode. This will not display any windows and allows the program to be used in a centralized way over the network.

-dcexact - Automatically detect and cure any known threats.

For example, you can use the following command to scan your PC and also generate a detailed log written to a file called report.txt. This report will be created in the same folder that TDSSKiller resides in.

TDSSKiller.exe -l report.txt
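The following PowerShell wrapper is an added example, not part of the original page or Kaspersky's tool. It runs an unattended scan using only the switches documented above, applies the rename advice, and checks the download's Authenticode signature before execution; the file paths are assumptions.

```powershell
# Added example (not from the original page or Kaspersky): unattended TDSSKiller run.
param(
    [string]$Source  = "C:\Tools\tdsskiller.exe",   # assumed download location
    [string]$WorkDir = "C:\Tools\TDSSKiller",       # assumed working folder
    [switch]$Quarantine                             # opt in to -qsus (the safer option)
)

$ErrorActionPreference = "Stop"
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Refuse to run a download whose Authenticode signature is missing or broken.
$sig = Get-AuthenticodeSignature -FilePath $Source
if ($sig.Status -ne "Valid") {
    throw "Signature check failed for $Source : $($sig.Status)"
}

# Per the page: run under a different name so a rootkit that terminates
# processes named tdsskiller.exe does not kill the scan.
$Exe = Join-Path $WorkDir "iexplore.exe"
Copy-Item -Path $Source -Destination $Exe -Force

$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$log   = Join-Path $WorkDir "report-$stamp.txt"   # -l target
$qdir  = Join-Path $WorkDir "quarantine"          # -qpath target (created by TDSSKiller)

# -silent suppresses all windows, which is what a centralised run over the
# network needs; -l and -qpath pin the log and quarantine locations.
$argList = @("-silent", "-l", $log, "-qpath", $qdir)
if ($Quarantine) { $argList += "-qsus" }           # never -qall or -dcsvc unattended

$proc = Start-Process -FilePath $Exe -ArgumentList $argList -Wait -PassThru
Write-Host "TDSSKiller exited with code $($proc.ExitCode); log written to $log"
```

The exit code is only reported, not interpreted, because the page does not document TDSSKiller's exit codes; review the log file to see what the scan found.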

For a detailed tutorial on how to scan your computer and remove rootkits using TDSSKiller, please visit this guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

Key Features

  • Detects and removes the malware family Rootkit.Win32.TDSS, bootkits, and rootkits.
  • The utility has a graphical user interface.
  • The utility can be run in Normal Mode and Safe Mode.
  • The utility supports 32-bit and 64-bit operating systems.