
Why Rename tdsskiller.exe to iexplore


4 replies to this topic

#1 LawnMowRMan

LawnMowRMan

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 25 October 2012 - 10:49 PM

It would have been helpful if the instructions had told me to change the filename tdsskiller.exe to iexplore before beginning the download. That file downloaded as tdsskiller.exe leads to an almost instant infection immediately after the download is complete.



#2 LawnMowRMan

LawnMowRMan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 25 October 2012 - 10:53 PM

My post has nothing to do with support. It is not a question. The answer is obvious. Including that one detail in the instructions would have saved me half an hour of thinking and another twenty-seven-minute download. My average download speed is 4.3KBpS. Doubtless I am not the only dial-up user that has made and will make the same mistake by not renaming the file before beginning the download.

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:01:32 PM

Posted 26 October 2012 - 08:24 AM

Hello LawnMowRMan and welcome to BC! :)

I'm not sure I understand what you mean.

First of all, which instructions are you reading? Most instructions used properly for running the tool do mention to rename the tool if it doesn't run. It doesn't always have to be renamed, and in some cases even what you suggest will also not work. That also goes for many other tools. On a very badly infected machine, file names of known antimalware programs just won't run because the process gets stopped immediately by the malware. This will also depend on the infection you have, if at all.

Secondly, TDSSKiller.exe will not "lead to an instant infection" unless you got the tool from an unknown source. If your resident antivirus program detected TDSSKiller.exe as an infection, and you got it from Kaspersky, then it's called a false positive. It's not an infection. In that case, you can just disable your AV program before downloading, then re-enable after.

Does that clarify things a bit?

bloopie

Edited by bloopie, 26 October 2012 - 05:52 PM.
Fixed typo


#4 LawnMowRMan

LawnMowRMan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 26 October 2012 - 11:12 PM

Thank you for your response. tdsskiller.exe was downloaded from bleepingcomputer. Comodo reported the file as infected moments after the download was complete. I should have made a note of the virus name. The only part of the name I remember is MS and a .gen. tdsskiller.exe was not infected after the second download.

Windows can be very aggravating. I'm getting ready to dump Windows for Linux Puppy.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:32 PM

Posted 27 October 2012 - 09:29 PM

Hello, from our Download link
http://www.bleepingcomputer.com/download/tdsskiller/

It is important to note that many rootkits target the name of the TDSSKiller executable so that it is terminated when you attempt to run it. Therefore, after downloading or extracting the executable you should rename it to iexplore.exe so that it can more easily bypass any protection routines a particular rootkit may use.


Some AVs do see some malware tools as infections. They need to be informed that they are not. To the AV it sees the tool as an invasive item. They are, so the AV is not necessarily wrong; it is doing its job. Until the AV company is informed, the tool doesn't know it is a good guy and flags it.



