How to remove malware belonging to the family Rootkit.Win32.TDSS 2.4.1.1
11082010
In this section you will find recommendations on how to fight malicious programs which cannot be disinfected by Kaspersky Lab's products. In order to disinfect/remove malicious programs you may have to modify the system registry or use an additional utility. If you fail to find the necessary information, or you find these recommendations too complicated or inadequate, please send a request to the Technical Support service via the [You must be registered and logged in to see this link.].
ID Article: 2663 | 2010 Aug 10 16:50
A rootkit is a program or a set of programs designed to obscure the fact that a system has been compromised.
For Windows operating systems, the term rootkit stands for a program that infiltrates the system and hooks system functions (Windows API). By hooking and modifying low-level API functions, such malware can effectively hide its presence in a system. Moreover, rootkits as a rule are able to conceal in the system any processes, folders and files on a disk, as well as registry keys, described in their configuration. Many rootkits install their own drivers and services (hidden as well) into the system.
It is possible to disinfect a system infected with malware of the family Rootkit.Win32.TDSS using the utility TDSSKiller.exe.
The utility has a GUI.
The utility TDSSKiller.exe supports 32-bit and 64-bit operating systems.
Disinfection of an infected system
- Download the file [You must be registered and logged in to see this link.] and extract it (use an archiver, for example WinZip) into a folder on the infected (or potentially infected) PC.
- Execute the file [You must be registered and logged in to see this link.].
- Wait for the scan and disinfection process to finish. It is necessary to reboot the PC after the disinfection is over.
How to use the utility
- Press the button Start scan for the utility to start scanning. It detects malicious and suspicious objects.
- The utility can detect two object types:
- malicious (the malware has been identified);
- suspicious (the malware cannot be identified).
- The utility automatically selects an action (Cure or Delete) for malicious objects.
- The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
The default quarantine folder is in the system disk root folder, e.g.:
C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
Command line parameters to run the utility TDSSKiller.exe
- -l - write log to a file.
- -qpath - quarantine folder path (it will be created if it does not exist).
- -h - list of command line arguments.
The following arguments make the actions apply without prompting the user:
- -qall - copy all objects to quarantine (even non-infected);
- -qsus - copy to quarantine suspicious objects only;
- -qmbr - copy to quarantine all MBRs;
- -qcsvc - copy this service to quarantine;
- -dcsvc - remove this service.
E.g. use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder):
TDSSKiller.exe -l report.txt
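When TDSSKiller is run on many machines, an administrator usually wants to locate the latest run's quarantine folder and log afterwards. The following Python helper, added here and not part of the article or of the TDSSKiller utility, parses the folder and log naming conventions the article gives (DD.MM.YYYY_HH.MM.SS quarantine folders, UtilityName.Version_Date_Time_log.txt logs); the sample folder names and the log name TDSSKiller.2.4.1.1_23.07.2010_15.31.43_log.txt are constructed to follow those patterns.

```python
import os
import re
import tempfile
from datetime import datetime

# Naming conventions stated in the article: quarantine folders are DD.MM.YYYY_HH.MM.SS
# under the quarantine root; logs are UtilityName.Version_Date_Time_log.txt (same format).
QUARANTINE_DIR_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4})_(\d{2})\.(\d{2})\.(\d{2})$")
LOG_NAME_RE = re.compile(
    r"^(?P<name>[A-Za-z]+)\.(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)

def parse_quarantine_timestamp(dirname):
    """Return the datetime encoded in a quarantine folder name, or None."""
    m = QUARANTINE_DIR_RE.match(dirname)
    if not m:
        return None
    day, month, year, hh, mm, ss = (int(x) for x in m.groups())
    try:
        return datetime(year, month, day, hh, mm, ss)
    except ValueError:  # e.g. 31.02.2010: looks right but is not a real date
        return None

def latest_quarantine_run(root):
    """Name of the most recent quarantine folder under root, or None."""
    runs = []
    for entry in os.listdir(root):
        ts = parse_quarantine_timestamp(entry)
        if ts is not None and os.path.isdir(os.path.join(root, entry)):
            runs.append((ts, entry))
    return max(runs)[1] if runs else None

def parse_log_name(filename):
    """Split a log file name into utility name, version and run time."""
    m = LOG_NAME_RE.match(filename)
    if not m:
        return None
    info = m.groupdict()
    info["run_at"] = datetime.strptime(info["date"] + "_" + info["time"], "%d.%m.%Y_%H.%M.%S")
    return info

def make_sample_root():
    """Constructed sample quarantine root: two runs, one impossible date, one unrelated folder."""
    root = tempfile.mkdtemp(prefix="TDSSKiller_Quarantine_")
    for name in ("23.07.2010_15.31.43", "24.07.2010_09.00.00",
                 "31.02.2010_00.00.00", "notes"):
        os.mkdir(os.path.join(root, name))
    return root
```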
Symptoms of an infection
Symptoms of infection with Rootkit.Win32.TDSS first and second generation (TDL1, TDL2)
Experienced users may try to monitor the following kernel function hooks using the utility [You must be registered and logged in to see this link.]:
- IofCallDriver;
- IofCompleteRequest;
- NtFlushInstructionCache;
- NtEnumerateKey;
- NtSaveKey;
- NtSaveKeyEx.
Symptoms of infection with Rootkit.Win32.TDSS third generation (TDL3)
An infection can be detected with the utility Gmer, which detects replacement of the "device" object of the system driver atapi.sys.