
tdsskiller



#1 Computer Chip


Posted 10 October 2010 - 05:42 AM

Can someone tell me why running TDSSKiller from the command line with "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt searches the MBR, but if you just double-click on the desktop icon it does not?

I was able to solve a browser redirect after an AV 2010 infection only after reading about that command line.


#2 quietman7


Posted 10 October 2010 - 07:47 AM

Command line parameters allow you to run TDSSKiller using specific options. Arguments make the actions apply without prompting the user. TDSSKiller was updated to a GUI-based version which is easier to use for most folks needing to run the tool. That version can detect and cure MBR infection after reboot without using parameters, as shown in this example:

2010/09/03 15:09:30.0468 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/03 15:09:30.0484 ================================================================================
2010/09/03 15:09:30.0484 Scan finished
2010/09/03 15:09:30.0484 ================================================================================
2010/09/03 15:09:30.0484 Detected object count: 1
2010/09/03 15:09:48.0609 \HardDisk0\MBR - will be cured after reboot
2010/09/03 15:09:48.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure


Various kinds of malware and installed security programs can sometimes interfere with other security tools used to remove infection so they do not always work as intended. In some cases, subsequent runs of a tool will find something that an earlier run failed to detect.

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with backdoor Trojans, Botnets, IRCBots or rootkit components that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Thus, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
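
For anyone reviewing saved reports like the excerpt in the reply above, here is an added example (not part of the original posts and not the tool's own code) that pairs each detection with its logged action and flags cures still waiting on a reboot. The line patterns are inferred only from the log lines quoted in this thread; `triage` and `Finding` are names chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the log excerpt in the reply above (separator and
# "Scan finished" lines left out). The layout is inferred from that excerpt.
SAMPLE_REPORT = r"""
2010/09/03 15:09:30.0468 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/03 15:09:30.0484 Detected object count: 1
2010/09/03 15:09:48.0609 \HardDisk0\MBR - will be cured after reboot
2010/09/03 15:09:48.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ (?P<msg>.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
PENDING = re.compile(r"^(?P<obj>.+?) - will be cured after reboot$")
ACTION = re.compile(r"^[^()]+\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

@dataclass
class Finding:
    obj: str                        # scanned object, e.g. \HardDisk0\MBR
    threat: str                     # detection name as logged
    action: Optional[str] = None    # action the user selected, if logged
    cure_pending_reboot: bool = False

def triage(report: str) -> dict:
    """Pair each detection with its logged action and reboot status."""
    findings, declared = {}, None
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        msg = m["msg"] if m else ""  # lines without a timestamp are ignored
        if d := DETECTED.match(msg):
            findings[d["obj"]] = Finding(d["obj"], d["threat"])
        elif (p := PENDING.match(msg)) and p["obj"] in findings:
            findings[p["obj"]].cure_pending_reboot = True
        elif (a := ACTION.match(msg)) and a["obj"] in findings:
            findings[a["obj"]].action = a["action"]
        elif c := COUNT.match(msg):
            declared = int(c["n"])
    items = list(findings.values())
    return {
        "findings": items,
        # A mismatch means the parser missed a line or the log is incomplete.
        "count_matches": declared == len(items),
        "unresolved": [f.obj for f in items if f.action is None],
        "needs_reboot": any(f.cure_pending_reboot for f in items),
    }
```

A report where `needs_reboot` is true should be followed by a fresh scan after the restart, since the cure in the excerpt is only scheduled, not yet applied.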
