TDL file system

TDL4

0

@RedNose commented on the blog I put up recently about the tool my Russian colleagues have made available for dumping TDL's hidden file system: I'm going to respond here in case anyone else is confused about this.

"I ran the tool and it did not show anything. Does it mean that TDSS is not present?"

No, that's not exactly what it means. In the event that the tool doesn't find the TDL file system, it should show a message along the lines of

No TDL hidden file system detected.

If you're unsure about what the output was, run the tool from the command line cmd.exe using the -v (verbose) option:

tdlfsreader.exe -v

It must be run from the command line, and from an account with administrator privileges.

However, this isn't specifically designed to check for the presence of TDL. If that's all you want, it would be better to use the removal tool (or, better still, a frequently updated full scanner):

Obviously, I can't guarantee that any AV tool will detect the presence of all TDSS infections.

Thanks, Eugene, for the clarification.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Author David Harley, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.