> TDSS File System
canardblaanc
post 5.10.2011 19:55
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 3.07.2011




Would appreciate some help...

On the following TDSSKiller results:

Detected object count: 2
Actual detected object count: 2
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
\Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
\Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip

Selecting TDLFS when TDSSKiller is about to run detects the presence of the TDLFS file system, which the TDL 3/4 rootkits create in the last sectors of hard disk drives for storing their TDL files.

If the User selected 'Skip', are these files quarantined by TDSSKiller, or just left alone?

If copied to quarantine, how does one permanently remove these files from there?

How would one go about removing files such as the following from the last sectors of the hard disk?
\HardDisk0\TDLFS\cfg.ini
\HardDisk0\TDLFS\mbr
\HardDisk0\TDLFS\bckfg.tmp
\HardDisk0\TDLFS\cmd.dll
\HardDisk0\TDLFS\drv64
\HardDisk0\TDLFS\cmd64.dll
\HardDisk0\TDLFS\drv32


Thanks for the help!!

Yury.Parshin
post 5.10.2011 21:22
Post #2


Virus Analyst
******

Group: KL Russia
Posts: 743
Joined: 21.10.2008




To remove TDLFS, you need to select the "Delete" action in the Action Choice window.


Attached File(s)
Attached File  TDLFS.png ( 46.48K ) Number of downloads: 76
 
canardblaanc
post 6.10.2011 00:25
Post #3






Thank you for your prompt reply!!

Since these files are created in the last sectors of the hard disk drive, if they are deleted, I would presume that the action would not affect the MBR.

Would that be a correct assumption? The MBR shows as clean.



Canard blanc
post 6.10.2011 01:57
Post #4


Newbie
*

Group: Members
Posts: 2
Joined: 26.06.2009




On the above, also want to make sure that deleting the files created in the last sectors of the HDD does not damage any partitions.

Thank you again.
Yury.Parshin
post 6.10.2011 10:49
Post #5






TDSS File System: these are the remains of a past infection. They are just garbage you can remove.
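The question raised in posts #3 and #4, whether the last sectors of a disk fall inside any partition, can be checked from the partition table. The following is an added example, not part of the thread and not Kaspersky's code: it parses an MBR and reports the sectors that lie after the last partition. It assumes a classic MBR-partitioned disk with 512-byte sectors; the function names, the sample MBR and the disk size are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors


def parse_mbr_partitions(mbr: bytes):
    """Return [(type, first_lba, sector_count)] for the non-empty primary entries."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, first_lba, count))
    return parts


def unpartitioned_tail(mbr: bytes, total_sectors: int):
    """Return (first_free_lba, sector_count) of the area after the last partition."""
    parts = parse_mbr_partitions(mbr)
    # An extended partition (0x05/0x0F) is a container, so its end covers its logical drives.
    end = max((first + count for _, first, count in parts), default=1)
    if end > total_sectors:
        raise ValueError("partition table extends past the end of the disk")
    return end, total_sectors - end


def overlaps_partition(mbr: bytes, first_lba: int, count: int) -> bool:
    """True if sectors [first_lba, first_lba + count) intersect any partition."""
    return any(first_lba < p_first + p_count and p_first < first_lba + count
               for _, p_first, p_count in parse_mbr_partitions(mbr))


def build_sample_mbr(entries):
    """Constructed sample: an MBR holding only a partition table and signature."""
    mbr = bytearray(SECTOR)
    for i, (ptype, first_lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", first_lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed disk: 1,000,000 sectors with two NTFS (type 0x07) partitions.
SAMPLE_TOTAL = 1_000_000
SAMPLE_MBR = build_sample_mbr([(0x07, 2048, 204800), (0x07, 206848, 790528)])

if __name__ == "__main__":
    start, free = unpartitioned_tail(SAMPLE_MBR, SAMPLE_TOTAL)
    print(f"sectors {start}..{SAMPLE_TOTAL - 1} ({free} sectors) belong to no partition")
    print("tail overlaps a partition:", overlaps_partition(SAMPLE_MBR, start, free))
```

On a real system the 512-byte MBR and the total sector count would come from a read-only image of the disk rather than from the constructed sample.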
canardblaanc
post 6.10.2011 19:48
Post #6






Thanks again!