Nov 14, 2011

What kind of problems have been caused for you by the TDSS rootkit?

TDSS has been used by attackers again and again over the past couple of years. We had a problem with TDSServ and it was a royal pain to remove it. Making matters worse, or at least more annoying, Norton anti-virus was installed on the infected desktop, and it didn't prevent the infection. Have you seen recent attacks utilizing it, how have you addressed it and what type of problems have been the result?



I experienced a TDSS infection a few months ago, despite the fact that my anti-virus software was up and current. It essentially made my laptop unusable, and slowed browsing down so much it was like suddenly having an old 14.4 dial-up connection (remember those?). Even when I wasn't doing anything, I would get messages constantly that my computer was under attack and the anti-virus software was blocking it. When I could finally go to a new webpage, my anti-virus software would pop up warnings with each page. I was also getting redirected from the links that I tried to click on to completely unrelated sites. It was a headache.


In the end, the way I dealt with it was Kaspersky's TDSS killer, which you can find at:



For those who aren't familiar with it, here's a good background article.


"Rootkit.TDSS is difficult to detect and remove. Rootkit.TDSS is not likely to be removed through a convenient "uninstall" feature. Rootkit.TDSS, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Rootkit.TDSS and other spyware, adware, trojans and viruses on your computer."
