About Kaspersky TDSSKiller version [21-31 May 2012]

This is a little discussion about the version of Kaspersky TDSSKiller in the time-frame 21-31 May 2012.
Reason is that some strange things has happened. It could be that Kaspersky has withdrawn some versions.

1.
On 21 May 2012 version 2.7.36.0 was released; I know because I checked it.

2.
On 23 May 2012 version 2.7.37.0 was released; I know because I checked it.
See https://www.wilderssecurity.com/showthread.php?t=324767

3.
The List of Lists is saying that on 28 May 2012 version 2.7.38.0 was released.
See http://lists.thedatalist.com/pages/AntiRootkit_Tools.htm#4
(I haven't checked that)

4.
At the moment the Kaspersky site "Virus-fighting utilities" is saying it is version 2.7.36.0.
http://support.kaspersky.com/viruses/utility

5.
At the moment the Kaspersky site "Anti-rootkit utility TDSSKiller" is indeed giving version 2.7.36.0 (released on 21 May 2012).
http://support.kaspersky.com/faq/?qid=208283363

So, I guess that Kaspersky has gone back to version 2.7.36.0 (or there is a problem with the Kaspersky site).

Checksum of TDSSKiller (2.7.36.0):
The file TDSSKiller.exe has the following Checksum(s)
MD5 - 8BC41AA2F906216D384BA8F8CF6553CB

 

You could ask that in the TDSS part of the kaspersky forum:

http://forum.kaspersky.com/index.php?showforum=198

 

Aha, thanks; didn't know that.
If someone would be so kind to ask it over there, please

 

Yes there is, the latest versions had a Trojan in it. Confirmed by Comodo and it's not a false positive it comes up again and again.

Whether they were compromised I don't know. I doubt they would acknowledge it though.

 

I'm trying to look for more info about it. Are you familiar with the links discussing it?


Thanks

 

I don't know of any on open forums, but I trust Comodo isn't flagging it just because it's a Kaspersky tool. Their definitions & detection rates are pretty spot on most of the time so something's up.

Also Dr Web may have been compromised or someone is doing MITM attacks on their download page.

 

I´ve just downloaded TDSS Killer and uploaded to VT. Comodo is the only vendor flagging TDSS Killer. Result: Packed.Win32.MUPX.Gen

Considering that TDSS Killer is a Kaspersky tool, that Comodo is the only vendor detecting it, and that seems to be a generic signature i personally would say that probably is a false positive.

 

Lol comodo has flagged the tdds tool many times (all false positives) for example:

http://forums.comodo.com/empty-t75536.0.html

http://forums.comodo.com/empty-t83813.0.html

 

You did mention it was confirmed by COMODO. So, it isn't confirmed by COMODO, at all. I can't find anything on their forums other than the info that user AlexC provided.

And, what does DrWeb have to do with Kaspersky?

 

Well I stand corrected, but I don't know why they have pulled the latest releases. Maybe for the false positives?

If it''s been fixed why does it come up again?

 

hhhhhhh com on comodo fan boys

kaspersky

 

To be honest, I feel no urge to ask Kaspersky Labs what happened with 2.7.37.0 (from 23 May) (and maybe with 2.7.38.0 as the current List of Lists is mentioning). Either Kaspersky Labs withdrew 2.7.37.0 (and 2.7.38.0 ??), or there is something wrong with their website.
I have informed you now that the info in my initial post in the Update Alerts Forum is not correct anymore. That initial post in the Update Alerts Forum has a reply saying that it is not correct anymore and it points to this thread.

 

Well, the Kaspersky site is now giving version 2.7.38.0.
And this site is indeed saying it is version 2.7.38.0.
(Yesterday it was still giving 2.7.36.0).

MD5 checksum:
The file TDSSKiller.exe has the following Checksum(s)
MD5 - 25798FA73C8CE1081B61E7BA5DB2A72F


One thing is still odd:
The current version 2.7.38.0 says that it is released on 25 May 2012.



And the current List of Lists says that it was released on 28 May 2012.



===

I'm yet undecided whether I will keep on posting updates for it on the Update Alerts Forum, but I think that I will stop with it.

 

I'll stick with v2.7.35.0 until the confusion is cleared up.

 

Tried the Kaspersky site and downloaded TDSSKiller, seems normal to me.

 

Hi Tarnak,

I think that I'm learning something new from your screenshot:
Am I right that TDSSKiller has an inbuild updater? If that's right, then I have to admit that it's completely new to me
If that's right and if you got only version 2.7.36.0 as the last version, then the situation is even more bizarre because I got 2.7.38.0 by manually downloading it.

 

Hoi Gerard,

Could you have a look at the date when it was digital signed, and give the MD5 checksum? Please

I downloaded it again on my XP-Home SP3 and I have the same as in my reply # 13.

 

Sure Jan

 

Thanks Gerard
We have the same file.

So, there remain a few questions:

1.
What happened with the file in the time-frame of circa 21 May - 04 June 2012.

2.
Why does the List of Lists of 29 May 2012 says it is version 2.7.38.0 dated on 28 May 2012. I never had that one, but I haven't checked everyday. Would love to know its MD5 and digital sign. date.

3.
If TDSSKiller has an inbuild updater, why doesn't it tell you that 2.7.38.0 is the last version if you have 2.7.35.0 or 2.7.36.0.

 

Hi FanJ,

It does not update internally, but takes you to the website and downloads the latest zip file, which you extract to run. I just got version 2.7.38.0 from there, but I won't run it, for the moment.

BTW, I just checked the exe at Virus Total, and it came up clear except for Comodo, saying otherwise.

 

Hi Tarnak,

Thanks. Could you please explain what you have to do in TDSSKiller (where to click, etc.) to let it do so.
I have here also 2.7.36.0 and would like to learn that

I never believed that it was infected.

 

Hi FanJ,

I just transfer from my download folder to the desktop, and run from there.



When it loads it will either run, or advise that there is later version, as per my original image posted initially. You should have no problem.

 

Hi Tarnak,

Thanks !
For some reason it doesn't work for me on my system. I tried it the way you described. But it's not so very important. Important is that I now better understand what you meant, and that I misunderstood you about an "inbuild updater"! My apologies about my misunderstanding about that!
Important is now also that it works for you in your way, meaning that you can get now also version 2.7.38.0 in your way.

If I may go back to my points in reply # 19:

Points 1. and 2. are now actually history. What happened and why: that's more up to Kaspersky. It would have been nice when a Kaspersky representative would have come over to the forum and told us about it; we might never know now but so be it.
Point 3. has been clarified now by you (thanks again!).

With all that said, I think that this thread comes now to its end.
I stop posting TDSSKiller updates in the Update Alerts Forum.

 

They have a own forum esp. for TDSS-Killer . So if you have questions there is the right place to ask.Thats the way things go. Why the hell they should look at and jump into other forums discussions?

 

FanJ said nothing more and nothing less than: