Wait for the scan and disinfection to finish. The PC must be rebooted after disinfection is over.
How to use the utility
Press the Start scan button to start scanning.
It detects malicious and suspicious objects.
The utility can detect two object types:
malicious (the malware has been identified);
suspicious (the malware cannot be identified).
When the scan is over, the utility outputs a list of detected objects with descriptions.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Select the action Copy to quarantine to quarantine detected objects. The file will not be removed! The default quarantine folder is in the root folder of the system disk, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
After clicking Next, the utility applies selected actions and outputs the result.
A reboot might be required after disinfection.
By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Command line parameters to run the utility TDSSKiller.exe
-l <file_name> - write log to a file.
-qpath <folder_name> - quarantine folder path (it will be created if it does not exist).
-h - list of command line arguments.
-sigcheck - detect all drivers without a digital signature as suspicious.
-tdlfs - detect the presence of the TDLFS file system, which the TDL 3/4 rootkits create in the last sectors of hard disk drives for storing their files. All these files can be quarantined.
The following arguments make the actions apply without prompting the user:
-qall - copy all objects to quarantine (even non-infected);
-qsus - copy to quarantine suspicious objects only;
-qmbr - copy to quarantine all MBR;
-qcsvc <service_name> - copy this service to quarantine;
-dcsvc <service_name> - remove this service;
-silent - scan in silent mode (do not display any windows) to be able to run the utility in a centralized way over the network.
For example, if you want to scan the PC with a detailed log saved into the file report.txt (it will be created in the folder with TDSSKiller.exe), use the following command:
TDSSKiller.exe -l report.txt
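For the centralized, unattended use that -silent is meant for, the following added example (not Kaspersky's code) builds a command line from the arguments listed above and picks the newest log that follows the default naming scheme. The function names and the combination of these flags in a single run are assumptions of this example.

```python
import re
from datetime import datetime

# Only flags listed on this page are used; combining them in one
# invocation is an assumption of this example.
def build_silent_scan(exe, log_file, quarantine_dir, sigcheck=False, tdlfs=False):
    """Argument list for an unattended scan that quarantines suspicious objects."""
    args = [exe, "-silent", "-l", log_file, "-qpath", quarantine_dir, "-qsus"]
    if sigcheck:
        args.append("-sigcheck")  # unsigned drivers are reported as suspicious
    if tdlfs:
        args.append("-tdlfs")     # look for the TDL 3/4 hidden file system
    return args                   # hand to subprocess.run(args) on the Windows host

# Default log name: UtilityName.Version_Date_Time_log.txt
LOG_NAME = re.compile(
    r"^(?P<utility>[A-Za-z]+)\.(?P<version>\d+(?:\.\d+)*)"
    r"_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)

def parse_log_name(name):
    """Return (utility, version, datetime), or None if the name does not match."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    try:
        stamp = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")
    except ValueError:            # impossible date such as 31.02.2010
        return None
    return m["utility"], m["version"], stamp

def latest_log(names):
    """Newest log by parsed timestamp. A plain string sort would compare the
    day of the month first (DD.MM.YYYY) and pick the wrong file."""
    dated = []
    for n in names:
        parsed = parse_log_name(n)
        if parsed:
            dated.append((parsed[2], n))
    return max(dated)[1] if dated else None

if __name__ == "__main__":
    # The first name is the page's example; the others are constructed samples.
    names = ["TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt",
             "TDSSKiller.2.4.7_02.08.2010_09.00.00_log.txt",
             "notes.txt"]
    print(latest_log(names))
    print(build_silent_scan("TDSSKiller.exe", r"C:\logs\host1.txt", r"C:\Q"))
```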
Symptoms of an infection
Symptoms of infection with Rootkit.Win32.TDSS first and second generation (TDL1, TDL2)
Experienced users may try to monitor the following kernel function hooks: