Download Kaspersky TDSSKiller - Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API).

This is a great and handy tool which is free to use.  Rootkits burrow into the roots of your Windows operating system, hiding and intercepting Windows API functions, often modifying them for their own purposes, which are seldom benign. TDSSKiller by Kaspersky Labs can find and remove rootkits, either in Normal Mode or Safe Mode. It targets malware where it lurks, including boot records.

We extracted and ran TDSSKiller, which immediately found an available update. Kaspersky strongly advised downloading the update before we scanned our system; we strongly agreed. This involved downloading and extracting a completely new copy of this compact, portable app, but that probably took less time than most ordinary updates. The tool's interface is about as simple as they come: one big Scan button, plus buttons to Change Parameters, view a Report, and Close the program. But the interface also describes what TDSSKiller targets, including a variety of known rootkits as well as rootkit-like anomalies, among them Sinowal, Stoned, Whistler, Trop, Cmoser, Pihar, and others, with new threats added by updates. We clicked Start Scan. TDSSKiller scanned 445 objects in our system in 13 seconds and found zero threats. That's what we expected it to find, but it's still a relief to see a clean report. We clicked Change Parameters, which let us select or deselect both Services and drivers and Boot sector for scanning (both are selected by default). The program only offers two more options: Verify file digital signatures and Detect TDLFS file system. A button lets you quickly restore the default settings.

Even though TDSSKiller found no malware to remove from our system, it generated a detailed report of every step of the recent operation. While we're glad we didn't need Kaspersky TDSSKiller, we don't doubt its ability to find what it claims it can, in part because we've had good experiences with other free utilities from Kaspersky Labs, but also because it's worked well for users who need it to clean up their systems. We're just glad it's available, and happy to run it on our supposedly clean system, even if only to prove it's clean. Come to think of it, that may be the best reason of all.

Important

• The utility has a graphical interface.
• The utility supports 32-bit and 64-bit operation systems.
• The utility can be run in Normal Mode and Safe Mode.

It detects and removes the following malware:

• malware family Rootkit.Win32.TDSS;
• bootkits;
• rootkits;

List of malicious programs

Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Trojan-Clicker.Win32.Wistler.a,b,c, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Dropper.Boot.Niwa.a, Rootkit.Boot.Clones.a.

How to disinfect a compromised system

• Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
• Run the TDSSKiller.exe file;
• Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.