The Latest in IT Security

TDL file system

14
Jun
2011

@RedNose commented on the blog I put up recently about the tool my Russian colleagues have made available for dumping TDL’s hidden file system: I’m going to respond here in case anyone else is confused about this.

“I ran the tool and it did not show anything. Does it mean that TDSS is not present?”

No, that’s not exactly what it means. In the event that the tool doesn’t find the TDL file system, it should show a message along the lines of

No TDL hidden file system detected.

If you’re unsure about what the output was, run the tool from the command line cmd.exe using the -v (verbose) option:

tdlfsreader.exe -v

It must be run from the command line, and from an account with administrator privileges.

However, this isn’t specifically designed to check for the presence of TDL. If that’s all you want, it would be better to use the removal tool:

Thanks, Eugene, for the clarification.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Leave a reply


Categories

SATURDAY, JULY 31, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments