TDSSKiller potentially dangerous

Discussion in 'other anti-malware software' started by Tarnak, Dec 28, 2012.

Thread Status:
Not open for further replies.
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I just ran a TDSSKiller scan and got detections for the first time. I think they are FPs.

    I think TDSSKiller can be dangerous if you do not know what you are doing.

    ScreenShot_TDSSKiller_detections_01.jpg

    ScreenShot_TDSSKiller_detections_02.jpg

    I uploaded one of the files to VirusTotal... it came back clear!

    ScreenShot_TDSSKiller_detections_03.jpg

    ScreenShot_TDSSKiller_detections_04.jpg

    Also, found this "TDSS killer Backups, how to restore quarantined items?" in the Kaspersky forums. Useful info, I think.
     
    Last edited: Dec 28, 2012
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Any tool such as this has the potential to do damage to your system, in the wrong hands. Certainly not for the type of user that runs a scan and blindly deletes any flagged files, without verifying the result first.

    I'd only ever advise inexperienced users to run the likes of MBAM or HMP, but there's no doubt that utilities such as this one can be of use in certain circumstances and tech savvy hands.
     
  3. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    130
    Location:
    USA
    I would agree. Any tool that is dealing with malware detection and removal can produce false positives and certainly has the potential to make the computer non-bootable.

    Most programs are designed to try to mitigate and prevent a severe issue but there is never a 100% guarantee that a removal will not cause unexpected issues.

    You should always have your data backed up and on a schedule to backup changed data at all times. Even hardware failure can strike at any time and cause more loss or damage than an infection.

    There are also many sites with trained members to assist with safely detecting and removing infections or they can also let you know that a specific infection that you might have cannot easily be removed without possible further risks.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    And just in case someone gets the wrong idea, TDSSKiller is excellent at doing exactly that, i.e. killing TDSS rootkit variants as well as a number of other rootkits that AVs typically cannot detect and/or remove. Use it with care, but definitely use it :thumb:
     
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Any security software that is used inappropriately will be dangerous.

    PS: Holy taskbar.
     
  6. m0use0ver

    m0use0ver Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    81
    I wonder if they whitelisted the Kaspersky AV / IS driver... that after all is another security application using a forged file as a means of self-defence.

    FYI, forged files (using tricks some malware does) in order to self-defend, but as advised above these are very good fix-it tools, but there is a reason why they say for expert use only :thumb:

    An expert knows they are not f/p's but also they are not malware either.
     
  7. er34

    er34 Guest

    Actually anything on this planet can be dangerous if you do not know what you are doing. Stupid and unserious example but true - you have a printer and if you don't know what you are doing with it, you can try to eat its toner - this may be dangerous enough to kill you.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Thanks...to all for your replies.


    I was nearly thrown by the result, initially, but I wasn't in the end.

    After rebooting into the snapshot 2 days later, a clean scan is what I got. :)

    ScreenShot_TDSSKiller_detections_05.jpg

    P.S. Just started a new year...Happy New Year!
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    CSIScanner is the legitimate name of the Prevx 3.0 service, so you definitely have a false positive here.
     