TDSSKiller – A Rootkit Destroyer

With so many flavors of malware out there, a wide variety of viruses, and a cornucopia of rootkits, one needs to know how to combat them once infected.  A handy, easy-to-use little tool from Kaspersky offers a lot of bang for its buck.  Personally, I find the rootkit one of the scariest types of malware out there, and it is an especially nasty one to get rid of.  Having something to fall back on in case of infection is a necessity for any tech or home user battling it out for a computer’s security.  That’s where TDSSKiller comes in to give the edge to the good guys.

Locate And Execute

The most important part of using a program is knowing where to find it in the first place.  Talking about it does no good if it is hidden from the public.  Mosey on over to this Kaspersky website to download a copy.  Do so on the affected computer, as it states on the download page.  It is a self-contained EXE and does not actually install anything on the host machine, making it even easier to use.  It runs on every Windows OS from XP to Server 2008, in both 32- and 64-bit versions.  After downloading it, double-click the EXE and let’s begin.

After running the file, you will be greeted with the main TDSSKiller window.  There may be a Windows Security prompt asking if you want to run it, depending on your OS.  Just agree and run the program.  Once at this view, click on “Change parameters” to open a secondary window.  This gives our scan a little more to check and lets it be thorough.

Make sure to check “Detect TDLFS file system”.  If you want to be extremely thorough, you can also check “Verify file digital signatures”, but I wouldn’t do so unless you are fairly sure that you have been infected with some sort of rootkit.  Hit OK and you will be brought back to the main screen.  Click on “Start Scan” to begin our initial scan.

Here you can watch as TDSSKiller scans through your system files in search of the nasty rootkits.  If you only checked the TDLFS option above, this scan shouldn’t take more than a minute or two.  Times will vary if the File Signatures option was selected as well, although it will not take too terribly long.

Once the scan is complete, it will show you the number and names of the infected files and give you options to delete them and clean your PC.  If you are lucky, it will report 0 infected files and you can move on to the other popular scanners for other types of malware, such as Malwarebytes, Spybot S&D, MSE, and so on.
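Before choosing Delete on anything TDSSKiller lists as a “suspicious object”, it is worth checking the file yourself, the same way the “Verify file digital signatures” option does in bulk. The PowerShell below is an added example of mine, not code from the post or from Kaspersky: it takes a System Restore point and then records the hashes, version info and Authenticode signature of one flagged file so you can compare against a known-good hash before deciding. It assumes Windows 7 or later with Windows PowerShell 4.0 (for `Get-FileHash`) in an elevated session; the function names, the verdict wording and the `$KnownGoodSha256` parameter are my own.

```powershell
# Added example (not from the original post and not Kaspersky's code): triage a file
# that TDSSKiller reported as a "suspicious object" before choosing Delete.
# Assumes Windows 7+ client with Windows PowerShell 4.0 or later, run elevated.

function New-PreRemovalRestorePoint {
    # Checkpoint-Computer exists on client Windows only; Server editions need Windows
    # Server Backup instead. Windows 8 and later silently skip the request if a restore
    # point was already created in the last 24 hours, so check the returned entry's date.
    [CmdletBinding()]
    param([string] $Description = "Before TDSSKiller cleanup")

    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

function Test-FlaggedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hashes you looked up elsewhere for the legitimate file (hypothetical parameter).
        [string[]] $KnownGoodSha256 = @()
    )

    # -Force so hidden files (used by rootkits, but also by some legitimate services) are visible.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $sha256 = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    $md5    = (Get-FileHash -LiteralPath $item.FullName -Algorithm MD5).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $ver    = $item.VersionInfo

    $result = [pscustomobject]@{
        Path          = $item.FullName
        Exists        = $true
        Hidden        = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        SizeBytes     = $item.Length
        Company       = $ver.CompanyName
        Product       = $ver.ProductName
        SHA256        = $sha256
        MD5           = $md5
        Signature     = $sig.Status              # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer        = $sig.SignerCertificate.Subject
        HashKnownGood = ($KnownGoodSha256 -contains $sha256)
    }

    # A 'Valid' signature from a publisher you expect, or a match against a known-good hash,
    # points to a false positive. Anything else deserves a closer look before deleting.
    $verdict = if ($result.Signature -eq 'Valid' -or $result.HashKnownGood) {
        'Likely legitimate: confirm the Signer/Company is who you expect before leaving it'
    } else {
        'Unverified: keep the restore point, investigate, and only then decide on removal'
    }
    $result | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
}

# Usage (the path is the one a commenter on this post reported as a false positive):
New-PreRemovalRestorePoint
Test-FlaggedFile -Path 'C:\Program Files\Common Files\Akamai\netsession_win_4f7fccd.dll' | Format-List
```

A `HashMismatch` status means the file has been altered since it was signed, which is the case worth treating as a real detection; `NotSigned` on its own is common for legitimate third-party software and is exactly why TDSSKiller reports such files as suspicious rather than as confirmed infections.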

Summary

After our scan we can be fairly confident that we are rootkit free.  Considering this scan only takes minutes even on a slow computer, I would recommend adding it to your scanning toolbox.  It is always better to be safe than sorry.  Also, considering it is non-intrusive and doesn’t install anything on the PC itself, it is hard to argue against using it.  At only 2MB it isn’t a space hog either.  Confidence comes with peace of mind, and with Kaspersky’s TDSSKiller you can have the peace of mind of knowing your computer is safe from rootkits.

Category: Security

About the Author

IT Admin in Southern Illinois. Previously Apple Certified Technician with 9 years in the IT/repair world. Writer for PCTechbytes.com and assist in the forum. Have a PC/Mac issue, check out our helpful forums

Comments (5)


  1. On my system, a scan with TDSSKiller always brings up what it calls a suspicious object, medium risk. It’s a hidden Akamai netsession client service file at:

    c:\program files\common files\akamai/netsession_win_4f7fccd.dll

    For me, the MD5 value of this file checks out okay after an online search and the file is classified as Safe here:

    http://systemexplorer.net/filereviews.php?fid=11223332

    Just thought I’d point out this false positive that your readers might get when running TDSSKiller.

    • PCS says:

      There can always be false positives, and sometimes even false positives for the TDLFS file system as well... you should always make a backup or image before rootkit removal, or any virus removal for that matter. It’s very easy to render your system unbootable after cleaning it up.

      • Dr_Bob says:

        Excellent point guys. False Positives will/could happen with anything. It is ALWAYS recommended to make a backup when dealing with System Files that could render your OS unbootable.
        Always check into files before just deleting them and hoping that they are malicious.

  2. M says:

    More than likely you saw this with Akamai because it is a Peer2Peer service. I’d reconsider using it.

  3. Wade says:

    Akamai has a problem with its Adobe updates getting exploited. And carries a ZeroAccess Rootkit. Note: Akamai is a clean company, which has some major name customers; Adobe, Facebook, Twitter, AMD, Hilton Worldwide Hotels, Netflix, Cineville, Miles Kimball, J. C. Penney, Yahoo!, Blizzard Entertainment, github. So they have credit.

    What I have a bit of a beef with is the fact that you don’t know about this company if you don’t go snooping around your PC. There are no choices on installing or not. And it installs just like the bad Rootkit – hidden features. And that can’t be good.
