What kind of problems have been caused for you by the TDSS rootkit?

stephenb

TDSS has been used by attackers again and again over the past couple of years. We had a problem with TDSServ and it was a royal pain to remove it. Making matters worse, or at least more annoying, Norton anti-virus was installed on the infected desktop, and it didn't prevent the infection. Have you seen recent attacks utilizing it, how have you addressed it and what type of problems have been the result?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (29)

For those who aren't familiar with it, here's a good background article.

Rootkit.TDSS
http://www.wiki-security.com/wiki/Parasite/RootkitTDSS/

"Rootkit.TDSS is difficult to detect and remove. Rootkit.TDSS is not likely to be removed through a convenient "uninstall" feature. Rootkit.TDSS, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Rootkit.TDSS and other spyware, adware, trojans and viruses on your computer."

ncharles
Vote Up (27)

 

I experienced a TDSS infection a few months ago, despite the fact that my anti-virus software was up and current.  It essentially made my laptop essentially unusable, and slowed browsing down so much it was like suddenly having an old 14.4 dial-up connection (remember those?).   Even when I wasn't doing anything, I would get messages constantly that my computer was under attack and the anti-virus software was blocking it.   When I could finally go to a new webpage, my anti-virus software would pop up warnings with each page.  I was also getting redirected from the links that I tried to click on to completely unrelated sites.  It was a headache.

 

In the end, the way I dealt with it was Kasperky's TDSS killer, which you can find at: 

http://support.kaspersky.com/viruses/solutions?qid=208280684

 

Ask a question

Join Now or Sign In to ask a question.
Google, Dropbox and the Open Technology Fund are supporting a new organization focused on making open-source security and privacy tools more user-friendly.
Among six major U.S. cities, CSOs are paid the most in San Francisco and New York, but factoring in the cost of living makes Denver and Chicago the best bang-for-the-buck places.
Apple's iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.
Legislation introduced in the U.S. Senate on Thursday aims to place limits on access by U.S. law enforcement agencies to emails and other communications stored abroad.
Two online advertising networks, Google's DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person's computer, according to the security vendor Malwarebytes.
Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security.
CloudFlare said it has engineered a novel way to handle sensitive encryption keys that allows organizations such as financial institutions to still use its caching service to fend off cyberattacks.
Samsung on Thursday announced price reductions and updates for its Knox security and management software for IT shops and a free My Knox service that is directly available to professionals using ActiveSync.
The breach of Home Depot's payment systems may have compromised 56 million payment cards as a result of malware that has since been eliminated, the company said Thursday.
Apple outlined its new privacy policy and set up a site to explain what information it collects from users and how it handles it, as the company enters new areas like health tracking and mobile payments that have potential privacy implications.