
How NOT to become a victim of kaspersky tdsskiller


8 replies to this topic

#1 pbeagle

pbeagle

  • Members
  • 58 posts

Posted 29 February 2016 - 02:57 PM

I wish I had found this website first. I found it in a desperate search for help and what I found left me with this feeling of icicles in my guts. I found an article that talked about how anti-malware apps can end up screwing up your device and deleting important files, etc etc etc. Oh the weeping and gnashing of teeth that followed those words on the screen of my phone... not on my LAPTOP.... noooo... I can't see them on my laptop because, well, she's dead Jim.

 

kaspersky tdsskiller got me. 

 

So, how NOT to become a victim of the same?

 

1. When you are not an expert and you want to do the right things to keep your computer all happy and safe, DO go online and search for scanning/removal instructions

2. Do find at least TWO sets of instructions from different sites if possible

3. DO note the differences between the sets and make note of the apps they suggest

4. DO go back online and find reviews and discussions of said instructions, sites or apps... especially the apps, yes, most especially the apps

5. DO ask questions of a reputable site and DO be suspicious of a site that doesn't seem to allow such questions. Make sure you understand the RISKS and so forth

6. DON'T TRUST SOME WEBSITE WITHOUT DOING THE ABOVE.

 

I thought I was doing the best thing. I didn't even know that running an anti-malware/virus app could DO such damage if the app itself wasn't malicious. I thought I could trust software that isn't itself malicious as such.

 

I had previously used the instructions from a place called Malwaretips. I had no problems before. In fact, I'd been happy with it. This time I didn't recall seeing the first step... kaspersky tdsskiller. I KNOW that I did not use that before. But I thought this was a decent site so it can't do any real harm, right? WRONG!!!

 

I ran this death-app and set it to scan while I tottered off to bed. I figured it would run a scan, put up some sort of report and I'd see it in the morning when I woke the laptop from the sleep mode it would go into after the scan. I didn't know the system could be quietly strangled to death just a few feet away and I'd never know it was happening. 

 

I woke up to "no bootable disk found" F-me. After that desperate search I mentioned, I found those horrible words that told me what had happened in the night. kaspersky tdsskiller had found whatever had been the problem alright, found it and killed it, along with all ability to access the laptop at all. bleep, I could have microwaved it and gotten the same result - an unusable machine. 

 

Don't be a victim to kaspersky tdsskiller, or any other such thing. Don't worry about feeling stupid... go research and ask, ask and ask some more.

 


Bleepingcomputer is a great site for online support.

Sadly, the issue I had wasn't solved, but most people who offered help

were very friendly and extremely patient.

 

Make it your aim to do something that will benefit another living being who may  not have the ability to repay the kindness. It doesn't take a lot, a mountain is not scaled in one giant leap, it is conquered one small step at a time.

 

 



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 29 February 2016 - 03:21 PM

Are these the instructions you followed?

https://malwaretips.com/blogs/malware-removal-guide-for-windows/

My guess is that you checked the Loaded modules option and restarted your computer, and this scan messed up your system. Otherwise, TDSSKiller doesn't require a restart, nor will it delete anything without your input first.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,527 posts

Posted 29 February 2016 - 03:22 PM

I've used Kaspersky TDSSKiller on thousands of machines during routine cleanup procedures, and never seen it cause a machine to not boot. It can detect bootkits, which could be the cause of issues, but I've not seen it actually cause damage by removing the infection.

 

I'm sure someone here should be able to assist you in getting your laptop operational again. Do you recall what the infection was that it removed? TDSSKiller does show you the intended repairs before doing anything, and does not do anything until you confirm the actions.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts

Posted 29 February 2016 - 03:29 PM

I remembered one case of a machine becoming unbootable after running TDSSKiller, however it was because the machine was infected with a bootkit and TDSSKiller encountered an error processing the malware. TDSSKiller is a tool that deals with a particularly stubborn kind of infection, and as such has risks (like any other automated scanner).

Do you still need help with the unbootable machine?

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts

Posted 29 February 2016 - 03:32 PM

You have to be careful when conducting searches on the Internet as there is a lot of useless and misinformation out there especially in regards to malware removal assistance (and removal guides). It is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done to entice folks into buying an advertised fix or removal tool. They take advantage of novice users and entice them into downloading junk software using gimmicks, false claims and other deceptive advertising. Users may be enticed to download dubious software, actual malicious files or even be redirected to a malicious web site. Typically the posted removal guides provide inadequate removal instructions that do not remove the infection. In many cases their instructions say if you need professional help to contact the site's Tech Support for assistance which is only provided for a fee and usually the actual amount is not disclosed until after you have committed yourself. The scammers may even talk you into giving them remote access to your computer (and by extension, all your private data and personal information). When performing search queries, always check multiple sources to confirm the information provided is safe, consistent and from trustworthy web sites.

With that said, Kaspersky TDSSKiller is a legitimate but powerful tool. I am a firm believer that if someone is unsure how to use a particular security tool or interpret any logs it generates, then they probably should not be using it. Folks often panic when they see scanning log results they do not understand after using tools they know very little about. Some security tools are intended for advanced users, those who are knowledgeable of the Windows registry or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Security tools will show everything they find that is a possible problem (good and bad) but you need to know what to remove and what not to remove. Incorrectly removing legitimate entries could lead to disastrous problems with your operating system.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 pbeagle

pbeagle
  • Topic Starter

  • Members
  • 58 posts

Posted 29 February 2016 - 08:59 PM

Are these the instructions you followed?

https://malwaretips.com/blogs/malware-removal-guide-for-windows/

My guess is that you checked the Loaded modules option and restarted your computer, and this scan messed up your system. Otherwise, TDSSKiller doesn't require a restart, nor will it delete anything without your input first.

Yes, that is the website. I had no issue before the KKiller was added. I admit, I cannot "blame" kaspersky for certain but it was what I set in motion and the laptop was fine before that.

 

I did not restart. I did exactly as that site said to do. It told me to select a particular box in the scan settings and I did that. Then I hit scan and went to bed. 

 

I've used Kaspersky TDSSKiller on thousands of machines during routine cleanup procedures, and never seen it cause a machine to not boot. It can detect bootkits, which could be the cause of issues, but I've not seen it actually cause damage by removing the infection.

 

I'm sure someone here should be able to assist you in getting your laptop operational again. Do you recall what the infection was that it removed? TDSSKiller does show you the intended repairs before doing anything, and does not do anything until you confirm the actions.

 

I don't know that I had an infection. I was made aware that my email address was potentially breached. I had noticed some odd things about the mobile phone and decided to scan everything - starting with AVG. That's when I noticed AVG was suddenly missing. I'm not kidding. I'm the only person who uses the laptop but AVG was now just not there. So, I installed it right away and it came up clean... that's when I wondered if I had a trojan. But I truly don't know if I did. I did delete the AVG installer from the downloads section a little while ago so perhaps I deleted it somehow but I didn't do so knowingly. I'm just saying it is possible I had one... or I may not have. What I do know is the laptop was fine then I used k-killer and it was no longer fine.

 

I remembered one case of a machine becoming unbootable after running TDSSKiller, however it was because the machine was infected with a bootkit and TDSSKiller encountered an error processing the malware. TDSSKiller is a tool that deals with a particularly stubborn kind of infection, and as such has risks (like any other automated scanner).

Do you still need help with the unbootable machine?

 

Well, I wondered about that.. but I know so little about the way that stuff works. I can hand code all sorts of sites but I am no admin, you know? I thought though... if it did find such a thing, it should give me a choice over what to do... right?

 

Is it possible the laptop crashed during the scan and that triggered k-killer to do whatever it did?

 

YES!!! OMG YES! I have a black slab of plastic now instead of a laptop. I can access the menu from holding down the F2 when turning it on. I described this in the win8 forum. But you already have the gist of it. I have the plain text screen with boot options. I don't know what settings should be what so I was afraid to touch anything. I know that if it goes into recovery mode it will wipe the drive. 

 

I tried contacting Acer but got the run around about the warranty. It isn't a year since purchase so they finally relented.

But I called a local repair place to see what I'm facing and they said something like $80 just to get the files off of it. I have hours of recorded interviews I can't ever get back... and original artwork. I hadn't backed it up yet because it doesn't have a CD drive, I don't trust cloud services and all I have are a few 500GB drives that are mostly full of video/audio editing files - which means HUGE. I don't have one big drive and the repair place says I need that along with the $80(=tx btw). Drives go on sale for $100-125 or so... I don't have that, I'm out of work. This laptop makes artwork and is used to apply for jobs.

 

But I can work around the drive issue if I do it myself and can put things on more than one drive. I just don't have money to have it repaired but I can't do without it. I'm really afraid of just tracking it beyond recognition and voiding the warranty.

 

Is it possible someone could step me through what I have to do to get the files? I'd feel better about trying a factory reset if those files were safe somewhere.

 

You have to be careful when conducting searches on the Internet as there is a lot of useless and misinformation out there especially in regards to malware removal assistance (and removal guides). It is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done to entice folks into buying an advertised fix or removal tool. They take advantage of novice users and entice them into downloading junk software using gimmicks, false claims and other deceptive advertising. Users may be enticed to download dubious software, actual malicious files or even be redirected to a malicious web site. Typically the posted removal guides provide inadequate removal instructions that do not remove the infection. In many cases their instructions say if you need professional help to contact the site's Tech Support for assistance which is only provided for a fee and usually the actual amount is not disclosed until after you have committed yourself. The scammers may even talk you into giving them remote access to your computer (and by extension, all your private data and personal information). When performing search queries, always check multiple sources to confirm the information provided is safe, consistent and from trustworthy web sites.

With that said, Kaspersky TDSSKiller is a legitimate but powerful tool. I am a firm believer that if someone is unsure how to use a particular security tool or interpret any logs it generates, then they probably should not be using it. Folks often panic when they see scanning log results they do not understand after using tools they know very little about. Some security tools are intended for advanced users, those who are knowledgeable of the Windows registry or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Security tools will show everything they find that is a possible problem (good and bad) but you need to know what to remove and what not to remove. Incorrectly removing legitimate entries could lead to disastrous problems with your operating system.

 

 

Well see... those were sort of the words I said I found on that desperate search... but it was too late. Trust me, I don't overestimate my expertise in this... I will claim clueless-status straight off. But that's why I sought out what I thought was a reputable site. I did not find reviews of it or the software... which is why I wrote this post in the first place. I can clearly see where I went wrong but not what went wrong. From what I am gathering "MalwareTips" IS a good site. The App IS a good app... but it didn't come with any warning like you just gave. I had used everything else in that list on MT and had no trouble until this. The only different item is the k-killer. I was attempting to be safe and smart about it... and the stories of ransom keys and all that are scary. 

 

But I need to be clear...

  • I didn't tell it to do anything other than perform a scan
  • I set it up just the way malwaretips said to and I went to bed
  • I didn't panic about the scan or the potential trojan. I panicked when I saw No Bootable Disk
  • I did attempt to do the right things the right way, and I did find what I see is a good site and k-killer is a good app according to everyone here so far... but I think MT ought to issue a warning and NOT put it at the top of the list if it is so powerful. I recall before it was a set of layers, each stronger than the last... but this time it was a stick of dynamite when I expected a water gun.


 

 


#7 pbeagle

pbeagle
  • Topic Starter

  • Members
  • 58 posts

Posted 29 February 2016 - 09:02 PM

  • I have to know how to use this scary menu I get with the F2 key
  • how to get the files off of there
  • how to attempt a factory reset

If I still don't have a working craptop, I can send it back to Acer... but they don't remove files for you... they just delete them (according to the local comp-repair shop).



 

 


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts

Posted 01 March 2016 - 03:16 AM

Hello pbeagle,

You can ask for assistance with the unbootable machine in the Malware Removal Logs forum, where there are elevated tools to help you.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts

Posted 01 March 2016 - 09:52 PM

OP is continuing to get help here.



