What kind of problems have been caused for you by the TDSS rootkit?

stephenb

TDSS has been used by attackers again and again over the past couple of years. We had a problem with TDSServ and it was a royal pain to remove it. Making matters worse, or at least more annoying, Norton anti-virus was installed on the infected desktop, and it didn't prevent the infection. Have you seen recent attacks utilizing it, how have you addressed it and what type of problems have been the result?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (28)

For those who aren't familiar with it, here's a good background article.

Rootkit.TDSS
http://www.wiki-security.com/wiki/Parasite/RootkitTDSS/

"Rootkit.TDSS is difficult to detect and remove. Rootkit.TDSS is not likely to be removed through a convenient "uninstall" feature. Rootkit.TDSS, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Rootkit.TDSS and other spyware, adware, trojans and viruses on your computer."

ncharles
Vote Up (26)

 

I experienced a TDSS infection a few months ago, despite the fact that my anti-virus software was up and current.  It essentially made my laptop essentially unusable, and slowed browsing down so much it was like suddenly having an old 14.4 dial-up connection (remember those?).   Even when I wasn't doing anything, I would get messages constantly that my computer was under attack and the anti-virus software was blocking it.   When I could finally go to a new webpage, my anti-virus software would pop up warnings with each page.  I was also getting redirected from the links that I tried to click on to completely unrelated sites.  It was a headache.

 

In the end, the way I dealt with it was Kasperky's TDSS killer, which you can find at: 

http://support.kaspersky.com/viruses/solutions?qid=208280684

 

Ask a question

Join Now or Sign In to ask a question.
EBay faces a class action suit in a U.S. federal court over a security breach earlier this year.
A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.
Juniper Networks has divested its mobile security product line, selling the assets to a private equity firm for $250 million.
Six people have been indicted on charges of running an international ring that resold tickets bought through compromised StubHub accounts for some of New York's biggest concerts and sporting events.
Dutch intelligence services can receive bulk data that might have been obtained by the U.S. National Security Agency (NSA) through mass data interception programs, even though collecting data that way is illegal for the Dutch services, the Hague District Court ruled Wednesday.
The TOR Project thinks it has figured out how the author of a canceled Black Hat talk cracked its software to mask the source of Internet traffic, and it is working on a patch.
Businesses wanting the security of BlackBerry Enterprise Service 10 without the complexity of managing it onsite can now buy it as a hosted service from six BlackBerry partners.
A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.
A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.
A company that specializes in selling information on software vulnerabilities has reignited a debate over the handling of such information, especially when it pertains to privacy-focused tools.

White Papers & Webcasts

Webcast On Demand

Transform Your IT Service Management

Sponsor: EasyVista

See more White Papers | Webcasts

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness