A rootkit is a program or a program kit that hides the presence of malware in the system.
A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).
TDSS rootkit hides by infecting a low level system driver, most notably atapi.sys, iastor.sys or vmscsi.sys.
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.
The utility supports 32-bit and 64-bit operation systems.
The utility can be run in Normal Mode and Safe Mode.
It detects and removes the following malware:
malware family Rootkit.Win32.TDSS;
How to disinfect a compromised system
Download : Kaspersky TDSSKiller 220.127.116.11
- Extract the contents of the ZIP archive to a folder on your desktop.
- Double-click on TDSSKiller.exe to run it. If you are prompted with User Account Control window, then click Yes to give administrator permissions.
- When the TDSSKiller window opens up, just click on the Start scan button to start the scanning process. It scans only the key areas of your system so the scan is done quickly.
- When the scan is over you would be shown the results. If TDSS infection is found you would see a list of trojan infected files. The TDSSKiller tool automatically selects an action (Cure or Delete) for all the detected malicious objects. Although you can select the action by clicking on the action and choosing one, but it is recommended that you leave the auto-selected actions untouched. Click on the Continue button to proceed. This will delete the detected malware files.
- Some files may not get deleted and it may require the computer to reboot in order to delete them. In that case, click on the Reboot computer button to restart Windows and let the malicious objects be removed.
- After your computer reboots, TDSS rootkit should be completely removed from your system. Just to be on the safer site