|Operating System:||Windows XP/Vista/7/8
32-bit program. Can run on both a 32-bit and 64-bit OS.
TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is know under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits such as the ZeroAccess or ZeroAccess rootkit if it is detected.
A rootkit is a malware program that is designed to hide itself or other computer infections on your computer. These types of programs are typically harder to remove than generic malware, which is the reason that stand-alone utilities such as TDSSKiller have been developed.
TDSSKiller can be downloaded as an EXE or a ZIP file that contains the executable. When using the program, it is easier to download the EXE directly and only download the ZIP file if your computer software or Internet connection does not allow the direct download of executables.
It is important to note that many rootkits target the name of the TDSSKiller executable so that it is terminated when you attempt to run it. Therefore, after downloading or extracting the executable you should rename it to iexplore.exe so that it can more easily bypass any protection routines a particular rootkit may use.
TDSSKiller has the following command-line arguments:
- Save the TDSSKiller to log to the specified file name. If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.
- Specify the path to a folder that TDSSKiller should use as the Quarantine folder. If this folder does not exist, TDSSKiller will create it.
-h - Display a list of the command line arguments.
-sigcheck - Detects all drivers that do not contain a digital signature as suspicious.
-tdlfs - Detect the presence of TDLFS file system which the TDL 3/4 rootkits create in the last sectors of hard disk drives for storing its files. All these files can be quarantined.
The following arguments make the actions apply without prompting the user:
-qall - Copy all objects to quarantine folder (Very Aggressive).
-qsus - Copy only the suspicious objects to the quarantine folder. (Safer)
-qboot - Quarantine all boot sectors.
-qmbr - Make a copy of all the Master Boot Records and store them in the quarantine folder.
- Copy the specified service to the quarantine folder.
- Delete the specified service. Only use if your sure the service should be removed.
-silent - Scan the computer in silent mode. This will not display any windows and allows the program to be used in a centralized way over the network.
-dcexact - Automatically detect and cure any known threats.
For example, you can use the following command to scan your PC and also generated a detailed log written to the file called report.txt. This report will be created in the same folder that TDSSKiller resides in.TDSSKiller.exe -l report.txt
For a detailed tutorial on how to scan your computer and remove rootkits using TDSSKiller, please visit this guide:
A rootkit is a program or a program kit that hides the presence of malware in the system.
A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.