
TDSS Killer .exe file disappears


8 replies to this topic

#1 EdPell

EdPell

  • Members
  • 28 posts
  • Local time:02:50 AM

Posted 30 January 2018 - 05:47 PM

Using Win 7 Home Premium SP1, MBAM Premium 3.3.1, Webroot 9.0.18, SAS 6.0

MBAM can't find its anti-rootkit driver, so I came here and downloaded TDSS Killer.

I selected the .exe file - the icon appeared on the desktop and then disappeared in a few seconds. The file doesn't appear anywhere on my system (I used Everything Search to look). So I downloaded the .zip file, extracted the .exe, renamed it, and ran it. Nothing found.

So I have the .exe and all is okay, but I'm still curious as to why the original .exe disappeared.
Anyone have an idea?

Thanks
EdP
 


Edited by hamluis, 30 January 2018 - 06:02 PM.
Moved from Win 7 to AV/AM Software - Hamluis.




#2 buddy215

buddy215

  • Moderator
  • 13,124 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:50 AM

Posted 30 January 2018 - 05:51 PM

Try using MBAR if you suspect malware...especially a rootkit.

 

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:50 AM

Posted 30 January 2018 - 06:27 PM

...I selected the .exe file - the icon appeared on the desktop and then disappeared in a few seconds. The file doesn't appear anywhere on my system (I used Everything Search to look). So I downloaded the .zip file, extracted the .exe, renamed it, and ran it. Nothing found.

So I have the .exe and all is okay, but I'm still curious as to why the original .exe disappeared.
Anyone have an idea?

I suspect Webroot may have incorrectly identified (false positive) the .exe file as malware and blocked the download. That is not uncommon for specialized tools like TDSS Killer for a variety of reasons...see my explanation here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 EdPell

EdPell
  • Topic Starter

  • Members
  • 28 posts
  • Local time:02:50 AM

Posted 31 January 2018 - 01:27 PM

Thanks BC - no problems running a scan with MBAM and no problems found. MBAM started up without the driver missing message and rootkit scanning is turned on. Looks like all is okay with MBAM.

Thanks, Janitor - I also expected that one of my protective applications took care of it, but I was surprised that it allowed the file to download and appear on my desktop for a few seconds before banishing it to the ether.

 

I appreciate the help.

EdP



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:50 AM

Posted 31 January 2018 - 02:05 PM

You're welcome on behalf of the Bleeping Computer community.
 



#6 midimusicman79

midimusicman79

  • Members
  • 646 posts
  • Gender:Male
  • Location:Norway
  • Local time:09:50 AM

Posted 01 February 2018 - 09:21 AM

Hi, quietman7!
 
I do realize this is a bit late, but anyway:
 
I headed over to the Downloads Section to download TDSSkiller.exe, but upon clicking the Download button, the download went wrong and as such, a file named tdsskiller.exe.part as well as a tdsskiller.exe which was a zero-byte file, appeared in my Downloads folder.
 
And a few hours later, I received an Email which seemed like SPAM, and was about an unknown software named Advanced Batch Converter, with my real world name and Email address. Could this be some sort of coincidence?
 
Could you please look into this, as there clearly seems to be something wrong with the TDSSKiller.exe that BC hosts?
 
https://www.bleepingcomputer.com/download/tdsskiller/
 
I am now off to running several anti-malware programs' scans...hopefully they will not find anything... :busy:
 
Thank you very much in advance!
 
Regards,
midimusicman79

Edited by midimusicman79, 01 February 2018 - 11:34 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:50 AM

Posted 01 February 2018 - 12:23 PM

The download of the .exe file worked fine for me.

#8 midimusicman79

midimusicman79

  • Members
  • 646 posts
  • Gender:Male
  • Location:Norway
  • Local time:09:50 AM

Posted 02 February 2018 - 10:00 AM

Hi again, quietman7!
 
Thank you for the prompt and insightful reply! :)
 
And thanks for checking the file in question!
 
I decided to perform extensive research in order to pinpoint the issue, and it turns out that the problem is on my end, namely that downloading files results in only partial files and zero-byte files, which affects both Firefox, Chrome, Opera, Internet Explorer and Edge browsers, and is as such browser independent.
 
As this is way over my head, I am going to post about this issue over at the Web Browsing/Email and Other Internet Applications Forum.
 
IOW, there is nothing wrong whatsoever with TDSSKiller.exe in the BC Downloads Section and consequently, I would like to apologize for my hasty assertion.
 
I also uploaded the file tdsskiller.exe.part to VirusTotal for convenience reasons, here:

https://www.virustotal.com/en/file/6986a618cd3bf902569b60cd7f7c4804c48b059dbccf515fa369b8d506b26cdd/analysis/1517487814/
 
Thank you very much for the help! :)
 
Regards,
midimusicman79

Edited by midimusicman79, 02 February 2018 - 11:48 AM.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:50 AM

Posted 02 February 2018 - 11:29 AM

You're welcome.



