About Kaspersky TDSSKiller version [21-31 May 2012]

Discussion in 'other anti-malware software' started by FanJ, May 31, 2012.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    This is a little discussion about the version of Kaspersky TDSSKiller in the time-frame 21-31 May 2012.
    The reason is that some strange things have happened. It could be that Kaspersky has withdrawn some versions.

    1.
    On 21 May 2012 version 2.7.36.0 was released; I know because I checked it.

    2.
    On 23 May 2012 version 2.7.37.0 was released; I know because I checked it.
    See https://www.wilderssecurity.com/showthread.php?t=324767

    3.
    The List of Lists is saying that on 28 May 2012 version 2.7.38.0 was released.
    See http://lists.thedatalist.com/pages/AntiRootkit_Tools.htm#4
    (I haven't checked that)

    4.
    At the moment the Kaspersky site "Virus-fighting utilities" is saying it is version 2.7.36.0.
    http://support.kaspersky.com/viruses/utility

    5.
    At the moment the Kaspersky site "Anti-rootkit utility TDSSKiller" is indeed giving version 2.7.36.0 (released on 21 May 2012).
    http://support.kaspersky.com/faq/?qid=208283363

    So, I guess that Kaspersky has gone back to version 2.7.36.0 (or there is a problem with the Kaspersky site).

    Checksum of TDSSKiller (2.7.36.0):
    The file TDSSKiller.exe has the following Checksum(s)
    MD5 - 8BC41AA2F906216D384BA8F8CF6553CB
     
    Last edited: May 31, 2012
  2. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  4. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Yes there is, the latest versions had a Trojan in them. Confirmed by Comodo, and it's not a false positive; it comes up again and again.

    Whether they were compromised I don't know. I doubt they would acknowledge it though.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :eek:

    I'm trying to look for more info about it. Are you familiar with the links discussing it?


    Thanks
     
  6. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97

    I don't know of any on open forums, but I trust Comodo isn't flagging it just because it's a Kaspersky tool. Their definitions & detection rates are pretty spot on most of the time so something's up.

    Also Dr Web may have been compromised or someone is doing MITM attacks on their download page.
     
  7. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    I've just downloaded TDSS Killer and uploaded it to VT. Comodo is the only vendor flagging TDSS Killer. Result: Packed.Win32.MUPX.Gen

    Considering that TDSS Killer is a Kaspersky tool, that Comodo is the only vendor detecting it, and that it seems to be a generic signature, I personally would say that it probably is a false positive.
     
  8. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You did mention it was confirmed by COMODO. So, it isn't confirmed by COMODO, at all. I can't find anything on their forums other than the info that user AlexC provided.

    And, what does DrWeb have to do with Kaspersky? o_O
     
  10. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Well I stand corrected, but I don't know why they have pulled the latest releases. Maybe for the false positives?

    If it's been fixed why does it come up again?
     
  11. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    131
    hhhhhhh come on comodo fan boys

    kaspersky :thumb: :thumb: :thumb:
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    To be honest, I feel no urge to ask Kaspersky Labs what happened with 2.7.37.0 (from 23 May) (and maybe with 2.7.38.0 as the current List of Lists is mentioning). Either Kaspersky Labs withdrew 2.7.37.0 (and 2.7.38.0 ??), or there is something wrong with their website.
    I have informed you now that the info in my initial post in the Update Alerts Forum is not correct anymore. That initial post in the Update Alerts Forum has a reply saying that it is not correct anymore and it points to this thread.
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Well, the Kaspersky site is now giving version 2.7.38.0.
    And this site is indeed saying it is version 2.7.38.0.
    (Yesterday it was still giving 2.7.36.0).

    MD5 checksum:
    The file TDSSKiller.exe has the following Checksum(s)
    MD5 - 25798FA73C8CE1081B61E7BA5DB2A72F


    One thing is still odd:
    The current version 2.7.38.0 says that it is released on 25 May 2012.

    KAV-TDSSKiller_2012_06_05_1.gif

    And the current List of Lists says that it was released on 28 May 2012.

    KAV-TDSSKiller_ListofLists_2012_05_29_1.gif

    ===

    I'm yet undecided whether I will keep on posting updates for it on the Update Alerts Forum, but I think that I will stop with it.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I'll stick with v2.7.35.0 until the confusion is cleared up.

    ScreenShot_Kaspersky_TDSSKiller_current_01.jpg
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Tried the Kaspersky site and downloaded TDSSKiller, seems normal to me.
     

    Attached Files:

    • tdss.png
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Tarnak,

    I think that I'm learning something new from your screenshot:
    Am I right that TDSSKiller has a built-in updater? If that's right, then I have to admit that it's completely new to me :oops:
    If that's right and if you got only version 2.7.36.0 as the last version, then the situation is even more bizarre because I got 2.7.38.0 by manually downloading it.
     
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hoi Gerard,

    Could you have a look at the date when it was digitally signed, and give the MD5 checksum? Please ;)

    I downloaded it again on my XP-Home SP3 and I have the same as in my reply # 13.

    KAV-TDSSKiller_2012_06_05_2.gif
     
  18. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Sure Jan :)
     

    Attached Files:

  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks Gerard :)
    We have the same file.

    So, there remain a few questions:

    1.
    What happened with the file in the time-frame of circa 21 May - 04 June 2012?

    2.
    Why does the List of Lists of 29 May 2012 say it is version 2.7.38.0 dated on 28 May 2012? I never had that one, but I haven't checked every day. Would love to know its MD5 and digital sign. date.

    3.
    If TDSSKiller has a built-in updater, why doesn't it tell you that 2.7.38.0 is the last version if you have 2.7.35.0 or 2.7.36.0?
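
The comparison made in posts 17 to 19 (two people confirming they hold the same TDSSKiller.exe by its MD5), as an added example that is not part of the original thread. The MD5 values are the ones posted in posts 1 and 13; the `version:` prefix, the function names and the extra SHA-256 output are assumptions of this example.

```python
import hashlib
import hmac
import re

# MD5 values as posted in posts 1 and 13; the "version:" prefix is added here.
POSTED = """\
2.7.36.0: MD5 - 8BC41AA2F906216D384BA8F8CF6553CB
2.7.38.0: MD5 - 25798FA73C8CE1081B61E7BA5DB2A72F
"""

LINE_RE = re.compile(r"^(?P<ver>[\d.]+):\s*MD5\s*-\s*(?P<md5>[0-9A-Fa-f]{32})\s*$")


def parse_posted(text):
    """Return {version: lowercase md5} from 'version: MD5 - HEX' lines."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out[m["ver"]] = m["md5"].lower()
    return out


def file_digests(path, chunk=1 << 20):
    """Stream the file once and return (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def match_version(path, posted):
    """Return (matching version or None, md5, sha256) for the file at path."""
    md5, sha256 = file_digests(path)
    for ver, want in posted.items():
        if hmac.compare_digest(md5, want):
            return ver, md5, sha256
    return None, md5, sha256


if __name__ == "__main__":
    import sys
    ver, md5, sha256 = match_version(sys.argv[1], parse_posted(POSTED))
    print(f"MD5     {md5.upper()}")
    print(f"SHA-256 {sha256.upper()}")
    print(f"matches posted build: {ver or 'none of the posted checksums'}")
```

A matching MD5 shows that two downloads are the same bytes, which is what the posters were checking. Whether those bytes come from the publisher is a separate question answered by the file's digital signature.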
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Hi FanJ,

    It does not update internally, but takes you to the website and downloads the latest zip file, which you extract to run. I just got version 2.7.38.0 from there, but I won't run it, for the moment.

    BTW, I just checked the exe at Virus Total, and it came up clear except for Comodo, saying otherwise.
     
  21. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Tarnak,

    Thanks. Could you please explain what you have to do in TDSSKiller (where to click, etc.) to let it do so. ;)
    I have here also 2.7.36.0 and would like to learn that :oops:

    I never believed that it was infected.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Hi FanJ,

    I just transfer from my download folder to the desktop, and run from there.

    ScreenShot_KasperskyTDSS_locate to desktop..jpg

    When it loads it will either run, or advise that there is a later version, as per my original image posted initially. You should have no problem. :)
     
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Tarnak,

    Thanks ! :)
    For some reason it doesn't work for me on my system. I tried it the way you described. But it's not so very important. Important is that I now better understand what you meant, and that I misunderstood you about a "built-in updater"! My apologies about my misunderstanding about that!
    Important is now also that it works for you in your way, meaning that you can get now also version 2.7.38.0 in your way.

    If I may go back to my points in reply # 19:

    Points 1. and 2. are now actually history. What happened and why: that's more up to Kaspersky. It would have been nice if a Kaspersky representative had come over to the forum and told us about it; we might never know now but so be it.
    Point 3. has been clarified now by you (thanks again!).

    With all that said, I think that this thread comes now to its end.
    I stop posting TDSSKiller updates in the Update Alerts Forum.
     
  24. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    They have their own forum esp. for TDSS-Killer. So if you have questions, that is the right place to ask. That's the way things go. Why the hell should they look at and jump into other forums' discussions?
     
  25. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    FanJ said nothing more and nothing less than:
     