something weird just happened please help??

Ok, this is weird. I just checked my downloads files, and I still see TDSSKiller from Kaspersky in the downloads for April. If you look at the screenshot above, it said “ok” next to clean. I don’t understand this?

So I’m confused if it removed it or not, and why would it say it did if it’s still in the file. I don’t know how to read the signature, but I know I have the legitimate TDSSKiller installed, but I’m not sure if Comodo is picking up another one that’s a trojan, and I don’t know which to submit. But anyway, why does that screenshot say removed if it really wasn’t… I’m confused.

Apparently it was not removed. It could be a bug.

Unpack the zip file and right click on the tdsskiller executable and choose Properties. Navigate to the Digital Signatures tab. Then select the name of the signer and click on Details. Then see if it reports if the signature is OK or not. If it is ok it is the real and unscathed file.

If you want to submit it to Comodo submit it in the zip archive because that’s what apparently makes it falsely detect.
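The signature check described in the reply above, done from PowerShell, as an added example that is not part of the original thread. The archive path and the output folder are assumptions; `Expand-Archive` and `Get-AuthenticodeSignature` are standard PowerShell cmdlets.

```powershell
# Assumed locations: change these to where the downloaded archive really is.
param(
    [string]$ZipPath = "$env:USERPROFILE\Downloads\tdsskiller.zip",
    [string]$OutDir  = "$env:TEMP\tdsskiller_check"
)

# Unpack the archive. This only extracts files; nothing inside is executed.
Expand-Archive -Path $ZipPath -DestinationPath $OutDir -Force

# Check the Authenticode signature of every executable that was extracted.
$results = Get-ChildItem -Path $OutDir -Recurse -Filter *.exe | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName

    # An unsigned file has no signer certificate, so guard against $null.
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.Subject
    } else {
        '(no signer certificate)'
    }

    [pscustomobject]@{
        File    = $_.FullName
        Status  = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer  = $signer              # compare against the vendor you downloaded from
        Message = $sig.StatusMessage
    }
}

$results | Format-List

# Summarise: anything other than 'Valid' deserves a closer look.
$bad = $results | Where-Object { $_.Status -ne 'Valid' }
if ($bad) {
    Write-Warning "Signature problem on $(@($bad).Count) file(s); do not run them."
} else {
    Write-Output 'All extracted executables carry a valid signature.'
}
```

A `Status` of `Valid` corresponds to the "signature is OK" result in the Properties dialog: the signature verifies and the file has not changed since it was signed. `HashMismatch` or `NotSigned` means the file should not be treated as the genuine, unmodified tool.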

It is common for CCE to incorrectly flag TDSSKiller with the heuristics. If you downloaded TDSSKiller from a trusted source you can safely ignore that detection.

Unfortunately I’m clueless on this stuff. When I go to Control Panel, uninstall a program, I don’t see the Kaspersky cleaner, but when I go to “downloads” and look at files, I see it.
I’m not sure how to unpack or unzip files. Here is a screenshot.

http://i60.tinypic.com/2ujmlnt.png

It’s not in the control panel because TDSSKiller does not install itself to the computer. It just runs from the file in Downloads when manually run by you. Then, when you close it, there is nothing left of the program except that one file sitting in Downloads.

I see no reason to worry. Honestly, if it was malware it’s very likely it would have copied files to other areas, and not just stayed in Downloads. I believe this is a legitimate file of TDSSKiller, and that the CCE detection was a false positive.

Please look at the attached image. It shows the sequence I described in my previous post to check the digital signature of the TDSSKiller executable. Start with selecting and clicking the right mouse button. The image is then self-explanatory.

[attachment deleted by admin]

Hello Eric and others, last night I decided to delete TDSSKiller from files and the recycle bin, and then I ran a CCE scan. It came back clean. Weird thing is that this scan took 2 hours to complete as opposed to an hour 20 mins like it did the first time. I assume everything is ok now.
Btw, if I wanted to run CCE in safe mode, is that possible? CCE reboots at the beginning, so wouldn’t it reboot to normal mode?

I’m going through the “how to know if you’re infected” article, and I reinstalled TDSSKiller. I did the executable download, and then checked all scan options, and it only took 48 seconds and scanned 1333 files. Is this normal?
No threats were found.
Weird, I just did another scan that showed 1516 files in 38 seconds… no threats.

It is normal for TDSSKiller to scan very quickly. I wouldn’t be surprised at that scan time.

Hello Chiron ;). I just finished all of the steps, and passed most tests; however, Autoruns showed 4 untrusted processes in the category “image hijacks”. Here are the screenshots. Your input would be appreciated.
Oh, and on an unrelated note, can you send me the link to your article about configuring CIS, since I upgraded from firewall to CIS? I remember you said proactive mode, but I see more than one there lol.

http://i60.tinypic.com/i3ge2s.png

My guess would be that those files are likely safe. However, to be careful, please upload those files to Virustotal and paste a link to the results in your next reply.

By the way, the link to my article is here.

Thanks.

Thanks. Is there an instruction tab in the “how to know if you’re infected” article about how to use Virustotal? Would you mind sending me a direct link to Virustotal so I don’t go to a malware site?

I was able to locate your instructions for Virustotal… checking now.

Ok, I checked Virustotal, but I have a few questions.
1- In my screenshot it says there were 4 files, but when I’m looking at the screenshot, I only see two different ones listed two times… the hdd one and the sml launcher one?
2- They both seem to go to the same path smllauncher.exe?
3- I checked Virustotal, and when I go to choose file, I couldn’t find the HDD one, just the smil launcher one, which got 0/51 detection.
4- In your instructional guide, you show screenshots that say the result interpretation may be confusing, but when I ran the scan it just said 0/51 with checkmarks.

Looking carefully at the screenshot I see that there are only two unknown files. Autoruns can show the same file more than once if it is associated with multiple entries. This is normal. I’m not sure why you can’t find the HDD one, but from the results from the previous I’m fairly certain that it’s not dangerous either.

A good idea at this time is to paste the link for the Virustotal results in this topic. Comodo staff can then analyze it and add it to the whitelist. This way it will not even show up in your results if you check again. If you can locate the HDD one, please do upload it to Virustotal and also submit it for whitelisting.

I don’t see any evidence that your computer is infected.

Thanks.

Hi Chiron, the Virustotal results only said it had been analyzed previously and not been found to be a threat, then I reanalyzed and it just said 0/51 next to the scanners.

Btw, I just ran Comodo Antivirus (not CCE) and this came up… looks like the TDSSKiller which I thought I removed. Should I be concerned? It’s some weird numbered code now.

http://i60.tinypic.com/24deipu.png

Idk if the picture showed up.

That sort of detection is normal. CIS will detect the quarantine of CCE, which is numbered like that. Nothing to worry about there.

Thank you Chiron for all of your help, thank you others like jkmaster and the rest of you. You all have been very helpful, and so is this program, and the forum in general. :)