New RootKit Extractor

I installed a rootkit on my Vista machine.  It was interesting to note that I have no antivirus software that would detect this rootkit, either in its zip file or in its executable.  You can read about that dangerous file here.

My usual fall-back for rooting out deep-clinging nasties is ComboFix.  You can read about ComboFix here, but keep in mind it’s a last-line extraction utility and should be used with care (and maybe should be used only by people who know what they are doing).  However, ComboFix was not able to locate this particular nasty.

Not only was ComboFix unable to find this rootkit, but Spybot, Avast!, Security Essentials, Sophos Anti-Rootkit, and some random others were all unable to rid my system of this annoyance (or even find it, for that matter).

Finally I heard about a utility Kaspersky is making called TDSSKiller.  (Thanks, Harry.)  It’s specifically a rootkit extractor, so don’t expect more than that, but as far as rootkit extractors go, this one’s rockin’ the misty bog.  I think it took less than two minutes to scan my system and offer to cure the file.  And it did find a bad file and cure it.  As far as I can tell, it’s all better now.  Well, it’s still Vista; it’s not better in that respect.

Previously I would reboot the machine (usually because it was required by updates) and Avast! would snap the nasty when it poked its head up trying to take action.  I’ve rebooted several times now over a couple of days, and nothing seems to be out of the ordinary.  Excellent thus far.

Hope that helps you on your adventures.
