TDL file system




@RedNose commented on the blog I put up recently about the tool my Russian colleagues have made available for dumping TDL's hidden file system: I'm going to respond here in case anyone else is confused about this.

"I ran the tool and it did not show anything. Does it mean that TDSS is not present?"

No, that's not exactly what it means. In the event that the tool doesn't find the TDL file system, it should show a message along the lines of

No TDL hidden file system detected.

If you're unsure about what the output was, run the tool from the command line cmd.exe using the -v (verbose) option:

tdlfsreader.exe -v

It must be run from the command line, and from an account with administrator privileges.

However, this isn't specifically designed to check for the presence of TDL. If that's all you want, it would be better to use the removal tool (or, better still, a frequently updated full scanner):

Obviously, I can't guarantee that any AV tool will detect the presence of all TDSS infections.

Thanks, Eugene, for the clarification.

ESET Senior Research Fellow

Author David Harley, ESET

Follow us

Copyright © 2015 ESET, All Rights Reserved.