Kaspersky TDSSKiller

CNET Editors' review

by: CNET staff on August 20, 2012

Rootkits burrow into the roots of your Windows operating system, hiding and intercepting Windows API functions, often modifying them for their own purposes, which are seldom benign. TDSSKiller by Kaspersky Labs can find and remove rootkits, either in Normal Mode or Safe Mode. It targets malware where it lurks, including boot records.

We extracted and ran TDSSKiller, which immediately found an available update. Kaspersky strongly advised downloading the update before we scanned our system; we strongly agreed. This involved downloading and extracting a completely new copy of this compact, portable app, but that probably took less time than most ordinary updates. The tool's interface is about as simple as they come: one big Scan button, plus buttons to Change Parameters, view a Report, and Close the program. But the interface also describes what TDSSKiller targets, including a variety of known rootkits as well as rootkit-like anomalies, among them Sinowal, Stoned, Whistler, Trop, Cmoser, Pihar, and others, with new threats added by updates. We clicked Start Scan. TDSSKiller scanned 445 objects in our system in 13 seconds and found zero threats. That's what we expected it to find, but it's still a relief to see a clean report. We clicked Change Parameters, which let us select or deselect both Services and drivers and Boot sector for scanning (both are selected by default). The program only offers two more options: Verify file digital signatures and Detect TDLFS file system. A button lets you quickly restore the default settings.

Even though TDSSKiller found no malware to remove from our system, it generated a detailed report of every step of the recent operation. While we're glad we didn't need Kaspersky TDSSKiller, we don't doubt its ability to find what it claims it can, in part because we've had good experiences with other free utilities from Kaspersky Labs, but also because it's worked well for users who need it to clean up their systems. We're just glad it's available, and happy to run it on our supposedly clean system, even if only to prove it's clean. Come to think of it, that may be the best reason of all.

Kaspersky TDSSKiller - Detect and remove rootkit malware on your PC - Download Video Previews:

Publisher's Description

From Kaspersky Lab:

A rootkit is a program or a program kit that hides the presence of malware in the system. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain "invisible").

Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits. The utility can be run in Normal Mode and Safe Mode. It detects and removes the following malware: malware family Rootkit.Win32.TDSS; bootkits; rootkits.