Rootkits are the ultimate in stealthy malware, burying themselves so deep into your system that they’re often very hard to spot. If you’re unlucky enough to encounter one then your antivirus package might detect it, but there are no guarantees, and so it may be wise to equip your PC with a second line of defence in Kaspersky’s TDSSKiller.
As the name suggests, TDSSKiller is designed to target a few specific threats (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned). These can be very dangerous, though, so having another way to pick them up isn’t going to hurt. And the program can also detect hidden services, forged files, MBR changes and other suspicious signs that could indicate infection by a brand-new rootkit.
TDSSKiller is very easy to use. There’s no need to install anything, no jargon to master – just launch the program, click Start Scan, and wait. You won’t even be doing that for long, because TDSSKiller checks only the most likely areas of infection, your services and drivers, and so it returned its verdict in only 14 seconds on our test PC.
Of course, this extreme speed could raise some questions about the program’s thoroughness, and exactly how much it might miss. And certainly TDSSKiller isn’t going to replace specialist anti-rootkit tools like GMER any time soon. It proved good enough to spot a malware sample on our test PC, though, and the very quick scan times mean you’ll have no problems running it on a regular basis. (The program even supports command-line options that might allow you to script its actions, running it at boot time or on other system events.)
It’s important not to lose sight of the potential dangers involved in any kind of rootkit removal, though, even with tools as simple as this one: deleting or quarantining a driver can leave your PC disabled, perhaps unbootable. And so if TDSSKiller highlights a particular file, then head off to your favourite search engine to find out more about it before you take any action.