Back in February, the TDSS rootkit was hot news. Microsoft had issued a patch to Windows that caused some systems to blue screen at startup.
The problem was traced to a rootkit that Microsoft called Alureon, but is also known as TDSS, Tidserv and TDL3. The update to Windows had modified the kernel and this invalidated some hard coded displacement branch addresses in the rootkit.
According to Trend Micro, TDSS was first seen in 2008 and "... was known for its ability to exist in systems without being discovered and the challenge it presents in terms of cleanup."
For many Windows users, the blue screen of death at boot-up was their first indication that they were infected with TDSS.
Back in February, I removed TDSS from someone's computer using a free program from Kaspersky called TDSSKiller.
Today, I stumbled across the fact that Kaspersky has been actively maintaining their TDSSKiller program which I mention here for two reasons.
First, TDSSKiller is a simple, small program and a minute devoted to its use could be an eye-opener for anyone running Windows. Also, you'd be hard pressed to know about it.
Kaspersky doesn't mention the updates to the proram in the news section of their website. A search on Kaspersky.com for it returns: "Sorry, there were no results found for TDSSKiller." Searching for it on their downloads page is also futile.
Heck, two people from Kaspersky just wrote (on August 5th) a long detailed article on the TDSS rootkit and failed to mention that they have a free removal program.
But they do (download it here) and it was recently updated to boot (on August 4th).
Back in February, version 184.108.40.206 of the program was text mode only; now, version 220.127.116.11, has a user-friendly GUI (shown below)
Kaspersky even offers assistance in using the program, see How to remove malware belonging to the family Rootkit.Win32.TDSS. In addition to the GUI output, TDSSKiller also writes a log file to the root of the C disk with a name like
If the direct link provided above goes bad in the future you should also be able to download TDSSKiller from Kaspersky's Consumer Support Utilities and Removal Tools and Virus-fighting utilities pages.
TDSSKiller.exe takes only seconds to run and should be worth your time. It's a single EXE file so after downloading it (as a zip file) you can easily run it on many Windows machines.
The program is portable, that is, it does not have to be installed. Just run it. You'll be glad you did, no matter what it turns up.