Kaspersky TDSSKiller

I had someone come to me with a system infected with a WhiteSmoke toolbar.  Well it turned out to be a pretty horrible infection, that constantly redirected the browser.  I was unable to remove the infection using standard methods such as Microsoft Security Essentials and Malwarebytes.  That was because I was up against a rootkit infection.

A rootkit is a software system that is designed to obscure the fact that the system has been compromised.  That is why standard antivirus and malware programs cannot remove it.  Normally with this kind of infection, I reload the system.  However this system was pretty important and had a lot of vital data, so I did some research online.  After reading a few forums, including the Malwarebytes Forum, I heard of a tool from Kaspersky called TDSSKiller.

I was, with some difficulty, able to download and extract the zip file in Windows Safe Mode.  After that I ran the EXE and it was very intuitive.  It ran a quick scan, found the rootkit infection and asked to reboot.  I rebooted, ran it again and it found no infection.  I tested the browser and the re-directions were gone.  As a sanity check I also ran a quick scan of Malwarebytes and Microsoft Security Essentials to verify some of the other infection let in by the rootkit were also gone.

I have to say this was easy and an extremely useful tool that I plan to add to my arsenal of free antivirus software.  So if you have an infection that you cannot remove by antivirus or antimalware programs, or suspect you have a rootkit, download TDSSKiller from Kaspersky immediately.