As an answer to another post on the subject of the time taken to do a rootkit scan, the OP received an answer which suggested he use TDSSKiller instead, as it was much quicker. I had never heard or seen anything on this programme, so thanks to Fenderman for mentioning it and to another user for providing a link. It has prompted 2 questions which others may be able to answer who have a lot more knowledge of how K works than I do.

1. When the KIS scan finds a rootkit, does it automatically delete it or does the user have to use TDSSKiller? If the latter, does K give a link for TDSSKiller so the user knows what to do?

2. As TDSSKiller both finds and kills rootkits faster than the inbuilt K rootkit scan according to one poster, does anyone know of a reason why the TDSSKiller programme isn't incorporated into the inbuilt rootkit scan?

There may be good computer engineering reasons why this is not possible but, like possibly a lot of other users here, my knowledge of such matters is non-existent, so anything that helps improve my knowledge and that of others like me would be of great assistance.

Thanks 

mikethebike

 

  

:rolleyes: Hey! How's it going, mikethebiker? While you receive a techy answer, get this:

To question 1) I read that in the latest versions Kaspersky removed the user's ability to delete detected viruses; instead they are sent to quarantine.

2) My guess is that the inbuilt Kaspersky scan is considered enough to detect any rootkits. Not long ago I installed this tool and couldn't get it to work, so I suspect users have to pause their Kaspersky antivirus to use it. It is better not to mess around with this tool unless it is advised by a Mod.

Hi, guys. I have TDSSKiller version 3.1.0.17, and it is on my desktop as a shortcut.

I right click to run as Administrator, and it updates and then opens a UI with options.

You then have to accept the EULA, and when that was done and I ran it, it took 20 seconds.

I downloaded it a while ago from KLAB's own site.

 


Thanks for the info, indio and Fenderman1. If I have understood your info correctly, it would seem that the KIS rootkit scan does nullify/neutralise the rootkit by quarantining it but doesn't delete it. As it doesn't delete it, I assume that in K's wisdom it considers quarantining to be enough. It does not however mention to you that rootkits can be deleted by downloading TDSSKiller. Can I take it that quarantining is enough and, more importantly, that the rootkit remains permanently quarantined even if the user no longer subscribes to K and moves to, say, Bitdefender for instance?

Fenderman1, I take it that once on your desktop as a shortcut you do as you suggest and it works without interfering with K? Can I ask what's a UI with options?

If it searches for rootkits as thoroughly as the K rootkit scan and also deletes them, then at 20 secs this is lightning fast compared to the 20 minutes that the K scan takes. However, the benefit of the K rootkit scan is that it automatically runs every day, whereas TDSSKiller relies on the user to remember to use it. You could run both programmes, but if it were the K rootkit scan that was using too much resources over the lengthy time of an hour, as in the case of the OP, then you could do what I have described in the paragraph below.

It looks as if it is possible to uncheck a box which stops KIS from operating the rootkit scan. In KIS2017 it seems to be a box under the Performance settings which says "search for software that is intended to conceal traces of a malicious program in the system (rootkits)". So if a user was concerned with the time and presumably resources needed to do a rootkit scan, he could uncheck the box, which rids him of that problem but then relies on him running the TDSSKiller programme regularly.

I'd appreciate it if you could check and correct, if necessary, my above statements.

I think indio has answered my query about why K doesn't incorporate TDSSKiller into the rootkit scan, which is that the cost of so doing, assuming that such an incorporation were possible, outweighs the benefits that might accrue.

Finally, in case this is of any help to the OP, I have now seen how many files my rootkit scan checks and it is about the same as the OP's, but it takes only 20/21 minutes compared to the OP's one hour.

Thanks

mikethebike

 

    

 

 


Hi, thanks for going deeper into the question of the rootkit scan. The Kas support team was able to answer me in basic language but without resolving the problem. I don't know, but it seems the Kas rootkit engine is too outdated to run a fast scan.


The rootkit engine may be outdated, samuraikid, but I don't know. I actually checked again and my rootkit scan over several days scans from about 2100 to 2300 files whereas yours scans 2700, but that difference on a proportional basis accounts for only about 5 minutes more. My files might be easier and quicker to scan of course, but that is pure speculation on my part. It would appear from your last post on the other thread that K's explanation is that the rootkit scan is designed to use minimum resources, hence the time taken.

If I were in your position then the key aspect for me would be how much the rootkit scan interferes with the working of my computer. If it is interfering a lot then the solution may be to do what Fenderman1 does and use TDSSKiller, and to stop K from doing a rootkit scan in the settings options.

mikethebike

 

    

 


mikethebike, I downloaded the TDSSKiller from the KLAB site, and I think it was a portable app. IOW, you don't install it.

Just right click on the exe file, say if you downloaded it onto your desktop, and Run as Administrator.

It then shows you the EULA which you need to agree to, and then you will be shown the UI which has various scan options.

As to how efficient it is in scanning as opposed to the slow inbuilt option, that's a question for Tech Support!

Edited by Fenderman1
