How to use Kaspersky TDSSKiller
<blockquote data-quote="Deleted member 21043" data-source="post: 361284"><p>Hi everyone,</p>
<p><span style="font-size: 12px">In this guide I will be showing you how to use the famous Kaspersky TDSSKiller tool.</span></p>
<p><strong><u><span style="font-size: 15px">What is Kaspersky TDSSKiller?</span></u></strong></p>
<p><span style="font-size: 12px">Kaspersky TDSSKiller is an advanced Anti-Rootkit tool provided by Kaspersky Labs. The tool will run a scan and is designed to detect known and unknown rootkits (it can detect rootkit activity and clean it even if that certain rootkit is new and unknown to Kaspersky Labs).</span></p>
<p><span style="font-size: 12px">A rootkit (in my opinion) is a program which is designed to be undetected by the user and carry out unauthorized actions on the system. Nowadays, you can find a lot of rootkits which aren't "undetected" and "stealth". However, if you are infected by a very advanced rootkit whose purpose is to stay undetected yet steal information from your system (we can use an example here of the government rootkits recently which have been found on some systems/backdoors). They can also provide backdoor access to the system.</span></p>
<p><span style="font-size: 12px">A rootkit can load its own drivers on the system (kernel mode), allowing it to have control of all the other programs on the system. Kernel mode (AKA Ring 0) is preferred by rootkit developers as it gives them a lot more control that they may want.</span></p>
<p><span style="font-size: 12px">Of course, you can get rootkits which run in User Mode. User Mode rootkits (AKA rootkits which run in Ring 3) run in the same space that all your other programs run in. They can still do things such as intercept API calls.</span></p>
<p><span style="font-size: 12px">Root basically means "Administrator". The term "kit" basically represents a set of tools used to perform activities on the system.</span></p>
<p><strong><u><span style="font-size: 15px">Where can I download Kaspersky TDSSKiller?</span></u></strong></p>
<p><span style="font-size: 12px">Before we can start using Kaspersky TDSSKiller, we need to download it. You can download it off the official Kaspersky website. The download page is here: <a href="http://support.kaspersky.com/viruses/utility#TDSSKiller" target="_blank">http://support.kaspersky.com/viruses/utility#TDSSKiller</a></span></p>
<p><span style="font-size: 12px">Information from the Kaspersky website you should note:</span></p>
<p><span style="font-size: 12px"><strong>Kaspersky also notes on its website that it will also scan for bootkits.</strong></span></p>
<p><strong><u><span style="font-size: 15px">How to use Kaspersky TDSSKiller</span></u></strong></p>
<p><span style="font-size: 12px">Once you have downloaded Kaspersky TDSSKiller (I saved it to my Desktop), open it up as Administrator.</span></p>
<p><span style="font-size: 12px"><strong>**You will have to accept the EULA and KSN Statement**</strong></span></p>
<p><span style="font-size: 12px">Once Kaspersky TDSSKiller has opened, it should look like the following screenshot:</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/uKKx8.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px">If you click the "Change parameters" link in blue above the Start scan button, a new window will pop up with some changeable settings for the scan.</span></p>
<p><span style="font-size: 12px">Screenshot is in the below spoiler:</span></p>
<p><span style="font-size: 12px">[SPOILER]</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/QdTCb.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px">[/SPOILER]</span></p>
<p><span style="font-size: 12px">I am going to check "Loaded modules" for this thread under "Objects to scan".</span></p>
<p><span style="font-size: 12px"><strong>NOTE: After ticking "Loaded modules" you will be presented with an alert to reboot the system.</strong> This reboot will allow Kaspersky TDSSKiller to load its Kernel Mode driver on the system.</span></p>
<p><span style="font-size: 12px">Now, we can start our scan by clicking "Start scan".</span></p>
<p><span style="font-size: 12px">[SPOILER="Scanning Image"]</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/SqCnT.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px">[/SPOILER]</span></p>
<p><span style="font-size: 12px">After Kaspersky TDSSKiller has completed scanning, you will be presented with the Scan Results:</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/o4vHf.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px">In this case, no threats have been found on the system during the scanning process.</span></p>
<p><span style="font-size: 12px">By clicking the "details" link, a new window will be opened which will display the detections in an organized fashion:</span></p>
<p><span style="font-size: 12px">[SPOILER]</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/SkEf6.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/270gt.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></span></p>
<p><span style="font-size: 12px">I recommend only using the "cure" option. Deleting detections can result in causing the system to crash/become unstable.</span></p>
<p><span style="font-size: 12px">[/SPOILER]</span></p>
<p><strong><span style="font-size: 15px">Logs</span></strong></p>
<p><span style="font-size: 12px">You may need the logs for Kaspersky TDSSKiller one day. This may be because you are being assisted by a Malware Removal Expert, or have the correct knowledge to read through and understand the contents yourself. To get the results, all you have to do is click the "Report" link at the top menu under the exit/menu buttons for the window:</span></p>
<p><span style="font-size: 12px">[SPOILER="Image"]</span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/DL5qI.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px"><img src="http://snag.gy/SxTDS.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </span></p>
<p><span style="font-size: 12px">[/SPOILER]</span></p>
<p><span style="font-size: 12px">[SPOILER="Arguments"]</span></p>
<p><span style="font-size: 12px">Some information relating to the Arguments that TDSSKiller can take can be found at the bottom of this page: <a href="http://www.bleepingcomputer.com/download/tdsskiller/" target="_blank">http://www.bleepingcomputer.com/download/tdsskiller/</a></span></p>
<p><span style="font-size: 12px">I have quoted the information below for you:</span></p>
<p><span style="font-size: 12px">[/SPOILER]</span></p>
<p><span style="font-size: 12px">That was all for today. If you would like me to update this thread with information on anything related to Rootkits or Kaspersky TDSSKiller, all you have to do is ask and I will see what I can do.</span></p>
<p><span style="font-size: 12px"><strong>PLEASE NOTE THIS TOOL SHOULD BE USED WITH CAUTION.</strong></span></p>
<p><span style="font-size: 12px">Cheers. ;)</span></p></blockquote><p></p>