One of the most notorious rootkit families on today's Internet is the TDSS Rootkit family which is known as Rootkit.Win32.TDSS, Tidserv, TDSServ or Alureon. The rootkit began to spread in 2008 and is one of the causes for unauthorized Google Redirects that users experience when the rootkit is active on their PC system.
One of the tools designed to detect and remove TDSS family rootkits is Kaspersky's TDSSKiller which recently was released in a new version.
The tool can not only detect and remove rootkits of the TDSS family but also rootkits known as Sinowa, Whistler, Phanta, Trup and Stoned. It furthermore may be able to use heuristics to detect unknown rootkits that are active or installed on the system.
The application is a portable software for Windows that can be executed from any location after it has been downloaded and unpacked. It will scan both services and drivers as well as boot sectors by default. It is possible to remove either services and drivers or the boot sectors objects from the scan.
A click on Start Scan runs the system scan which took less than a minute on a fast Windows 7 system. Possible dangerous files are displayed after the scan on the results page.
It is usually a good idea to search Bing or Google for the file name before moving the rootkit to quarantine to disinfect a compromised system. Another option is to send the suspicious file to a service like Virus Lab or Virus Total to scan it there for a second opinion.
TDSSKiller has several command line switches:
The following keys allow to execute the utility in the silent mode:
The free rootkit remover supports 32-bit and 64-bit Windows operating systems. A download is offered at Kaspersky's Knowledge Base.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.