TDSSKiller digs out rootkits

Recently I spent some time rescuing my sister-in-law’s laptop from some seriously nasty malware.

Even after running utilities like Malwarebytes Anti-Malware, then using UnHide to restore the system’s missing icons and folders, something was hijacking the Web browsers.

Whenever I’d click a link in Internet Explorer or Firefox some malicious bit of code would redirect the browser to a phishing site. That’s hijacking in a nutshell, and it’s extremely frustrating.

Because it was happening in both browsers, I knew there was a deeper problem than just a rogue plug-in or toolbar.

Best guess: a rootkit, a form of malware that can hide itself from normal methods of detection. And, sure enough, it was the notorious TDSS, which, as reported just the other day by IDG News, is now being distributed by some WordPress-powered blogs. This laptop might have gotten infected just from visiting a seemingly harmless Web site.

So how does one banish TDSS when the usual malware cleaners fail? Kaspersky Lab’s free TDSSKiller worked for me…eventually. When I first downloaded and ran the utility, nothing happened.

The interface never appeared, so I couldn’t start a scan. Turns out TDSS is so nasty, it can even block TDSSKiller from running. Fortunately, Kaspersky posted an updated version that did the trick.

Once I’d sent TDSS back to hell, the browser hijacking stopped. Your mileage may vary, of course, but if you’ve tried other measures and your system is still exhibiting symptoms of infection, TDSSKiller might be the final inoculation you need.

Share on LinkedIn Comment on this article Share with Google+