brucefidalgo
Posted July 27, 2012

http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm#Avast%20Anti-Rootkit

...Avast Anti-Rootkit resembles a command prompt window but is fairly easy to use. It lets you scan your computer and MBR for rootkits and even fixes any issues. Understanding the output from Avast Anti-rootkit may be a little hard for some users but it does the job well. I tested it against TDSS and several other modern rootkits and it found all of them. Removal on the other hand was not as good as some of the other tools. But what it does have is a very useful tool that I personally would not be without; the ability to perform FixMBR right from within Windows.

brucefidalgo
Posted September 12, 2012

...How To Remove a TDSS Rootkit Easily

brucefidalgo
Posted September 12, 2012

...How To Remove a TDSS Rootkit Easily

http://www.ehow.com/info_10047191_tdss-root-kit-do.html

..Stealth Techniques

The reason for the huge spread of the TDSS root kit is the use of stealth to avoid detection by antivirus and other security software. As a root kit, TDSS hides components at the end of the hard drive, outside of the normal file system and hidden from applications. All files are encrypted on disk and decrypted on the fly, further helping to avoid detection. TDSS hijacks the Windows system drivers, overwriting parts with its own code so that the file size remains unchanged. The TDL-4 version of the rootkit can also infect the computer's master boot record, allowing it to load before the operating system. The root kit alters operating system files so that they do not report any TDSS files or activity, such as open network connections, hiding its existence from security software and the user.
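
Added example, not part of the original posts or the articles they quote: an offline check of two hiding places named in the passage above, the master boot record and the sectors at the end of the disk that belong to no partition. It assumes a classic MBR-partitioned disk (not GPT) whose first sector and total sector count were read from outside the running Windows install, for instance from rescue media; the function names, the baseline hash and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

def parse_mbr(sector):
    """Return (sha256 of boot code, partition list) for a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]                                  # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype != 0 and count:
            parts.append({"type": ptype, "start": start, "sectors": count})
    return hashlib.sha256(sector[:440]).hexdigest(), parts

def audit(sector, disk_sectors, baseline_sha256):
    """List findings that deserve a closer look; none is proof of infection."""
    digest, parts = parse_mbr(sector)
    findings = []
    if digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    end = max((p["start"] + p["sectors"] for p in parts), default=0)
    if end > disk_sectors:
        findings.append("partition table extends past end of disk")
    elif end < disk_sectors:
        findings.append(f"{disk_sectors - end} sectors past the last partition "
                        "are outside any file system")
    return findings

def build_sample(boot_code, partitions):
    """Build a constructed sector: boot code, partition table, 0x55AA marker."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if i == 0 else 0, b"\0" * 3,
                                 t, b"\0" * 3, s, n)
                     for i, (t, s, n) in enumerate(partitions))
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sample data: placeholder bytes, not real boot code.
PARTS = [(0x07, 2048, 1_000_000)]           # one NTFS-type partition
CLEAN = build_sample(b"CLEAN-BOOT-CODE", PARTS)
MODIFIED = build_sample(b"OTHER-BOOT-CODE", PARTS)
BASELINE = parse_mbr(CLEAN)[0]               # hash recorded while known good

if __name__ == "__main__":
    print(audit(MODIFIED, 1_010_000, BASELINE))
```

A small unpartitioned tail is normal on many disks because of alignment, so that finding marks a region to image and inspect rather than a verdict.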
This topic is now archived and is closed to further replies.