{"id":8232,"date":"2012-06-03T03:03:42","date_gmt":"2012-06-03T10:03:42","guid":{"rendered":"http:\/\/37prime.wordpress.com\/?p=8232"},"modified":"2012-06-03T03:03:42","modified_gmt":"2012-06-03T10:03:42","slug":"tdss-rootkit","status":"publish","type":"post","link":"https:\/\/37prime.com\/news\/2012\/06\/03\/tdss-rootkit\/","title":{"rendered":"TDSS Rootkit"},"content":{"rendered":"<p>A client called me because one of the office computers &#8220;was not working.&#8221;<\/p>\n<p>Well, the problem was much more severe than described. It suffered from multiple malware infections. As usual, I used a number of applications to detect and remove the malware. I also noted that this computer is unable to download any Windows Update.<\/p>\n<ul>\n<li><a href=\"http:\/\/www.microsoft.com\/security\/pc-security\/malware-removal.aspx\" target=\"_blank\">Microsoft&#8217;s Malicious Software Removal Tool<\/a><\/li>\n<li><a href=\"http:\/\/safety.live.com\/\" target=\"_blank\">Microsoft&#8217;s Safety Scanner<\/a><\/li>\n<li><a href=\"http:\/\/www.malwarebytes.org\" target=\"_blank\">Malwarebytes AntiMalware<\/a><\/li>\n<li><a href=\"http:\/\/www.bleepingcomputer.com\/combofix\/how-to-use-combofix\" target=\"_blank\">Combofix<\/a><\/li>\n<li><a href=\"http:\/\/www.safer-networking.org\/en\/spybotsd\/index.html\" target=\"_blank\">Spybot &#8211; Search &amp; Destroy<\/a><\/li>\n<li><a href=\"http:\/\/www.surfright.nl\/en\/downloads\" target=\"_blank\">Hitman Pro<\/a><\/li>\n<\/ul>\n<p><a href=\"http:\/\/37prime.com\/news\/wp-content\/uploads\/2012\/06\/hitmanpro-tdl-rootkit.jpg\"><img loading=\"lazy\" decoding=\"async\" title=\"hitmanpro-tdl-rootkit\" src=\"http:\/\/37prime.com\/news\/wp-content\/uploads\/2012\/06\/hitmanpro-tdl-rootkit.jpg\" alt=\"\" width=\"500\" height=\"102\" \/><\/a><\/p>\n<p>So, the system is infected with TDSS Rootkit.<\/p>\n<p>The next step is to download <a href=\"http:\/\/support.kaspersky.com\/faq\/?qid=208283363\" target=\"_blank\">Kaspersky Anti-rootkit 
utility TDSSKiller<\/a>.<\/p>\n<p>I made sure to &#8220;Change parameters&#8221; and select the option to detect TDSS file system.<\/p>\n<p>After a reboot, Windows is able to download and install updates.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A client called me because one of the office computers &#8220;was not working.&#8221; Well, the problem was much more severe than described. It suffered from multiple malware infections. As usual, I used a number of applications to detect and remove the malware. I also noted that this computer is unable to download any Windows Update. Microsoft&#8217;s Malicious &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/37prime.com\/news\/2012\/06\/03\/tdss-rootkit\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;TDSS Rootkit&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[946,3,4],"tags":[1966,934,2511,2556,2648,2896,936,3039,3216],"class_list":["post-8232","post","type-post","status-publish","format-standard","hentry","category-announcements","category-journal","category-news","tag-malware","tag-microsoft","tag-resources","tag-rootkit","tag-security","tag-tdss","tag-tech","tag-troubleshooting","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pcNtU-28M","jetpack_sha
ring_enabled":true,"_links":{"self":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/8232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/comments?post=8232"}],"version-history":[{"count":0,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/8232\/revisions"}],"wp:attachment":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/media?parent=8232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/categories?post=8232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/tags?post=8232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}