What is an application.risktool?

I have a program called tdsskiller.exe (a rootkit scanner from Kaspersky) that was flagged during an offline scan as “application.risktool.tdsskiller.a”.

I can’t find info on what that means. I’ve had the program for months and have run multiple offline and online scans without it ever being flagged before.

I removed it but wanted to make sure what it was and if I need to worry about it.

Thanks!

Comments

  • Flexx (mod)
    edited October 2023

    TDSS, also known as TDL, is a rootkit malware that infects computers and takes control of the operating system. It is a very sophisticated malware that is difficult to detect and remove. TDSS can be used to steal personal information, install other malware, and control the computer remotely.

    In simple terms, TDSS malware is a type of virus that takes over your computer and allows hackers to do whatever they want with it. They can steal your personal information, install other malware, or even use your computer to launch attacks on other computers.

    TDSS malware is typically spread through malicious websites, email attachments, and USB drives. Once it is installed on your computer, it hides deep in the operating system, making it difficult to detect and remove.

    The detection of tdsskiller.exe by Bitdefender as Application.RiskTool.TDSSKiller.A is incorrect since it is a genuine file by Kaspersky to remove TDSS-based malware.

    I have reported the file to the Bitdefender malware research team to get the detection removed. Also @Alexandru_BD, @Mike_BD I would request you to kindly share the below hash with the malware research team to get the detection removed at the earliest.

    Hash: 2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009

    https://www.virustotal.com/gui/file/2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009?nocache=1

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello,

    The file is properly detected as PUA and can be whitelisted if used knowingly by the user. "Risktool" is a type of detection, and in case of detections on applications such as PUA/Application/Risktool/Adware, the user has the possibility to locally exclude the detected process.

    Some applications that are legitimate may trigger a "Risktool" detection IF they can also be used by malware. These are usually apps that can apply system settings, but in the wrong hands they may serve other malicious purposes as well.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • @Alexandru_BD the application detected is really a false positive, it's not riskware, not a PUP/PUA. The detection is totally incorrect. Kaspersky TDSS is a very famous utility offered by Kaspersky to remove TDSS-based malware and famous almost all over the world. And if you check on VirusTotal, only Bitdefender detects it, which obviously makes it an incorrect detection. I totally agree on this with @MrMumbato

    Regards

    Bitdefender Ultimate Security Plus (user)

  • Ok back to the drawing board then, let's see what we can do 🙂

    Premium Security & Bitdefender Endpoint Security Tools user

  • Although the tool is legitimate, it appears that the detection will be kept for this one, as there are still some risks involved if used inappropriately, according to the malware researchers. It can be whitelisted or deleted, depending on the user's preferences, so that's why it's being detected as PUA.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Bitdefender Ultimate Security Plus (user)

  • Trust me, it isn't, although it may seem this way 😁

    Premium Security & Bitdefender Endpoint Security Tools user
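
Several replies above say the detected file can be whitelisted if it is used knowingly. The following is an added example, not code from any poster, Bitdefender or Kaspersky, showing one way to check a local copy before excluding it: it compares the file's SHA-256 with the hash quoted in the thread and checks the Authenticode signature. The file path and the expectation that the signer subject contains "Kaspersky" are assumptions.

```powershell
# Added example: verify a local tdsskiller.exe before adding an exclusion for it.
param(
    # Assumed location of the flagged file; adjust to where your copy lives.
    [string]$Path = "$env:USERPROFILE\Downloads\tdsskiller.exe"
)

# SHA-256 quoted in the thread. It identifies one specific build only;
# other genuine builds of the tool will have a different hash.
$ThreadHash = '2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009'

# Assumption: a genuine copy carries a valid signature whose subject names Kaspersky.
$ExpectedSigner = 'Kaspersky'

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Error "File not found: $Path"
    exit 2
}

$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
$sig  = Get-AuthenticodeSignature -LiteralPath $Path

$hashMatches = ($hash -eq $ThreadHash)
$signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
# A name match alone proves nothing; the signature must also validate.
$signerOk    = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")

[pscustomobject]@{
    Path            = $Path
    Sha256          = $hash
    MatchesThread   = $hashMatches
    SignatureStatus = $sig.Status
    Signer          = $signer
}

if ($signerOk -and $hashMatches) {
    Write-Output 'Same build as discussed in the thread, with a valid signature.'
} elseif ($signerOk) {
    Write-Output 'Validly signed, but a different build from the one in the thread.'
} else {
    # Unsigned, tampered, or signed by someone else: a renamed or modified
    # binary would still match a file-name based exclusion.
    Write-Output 'Signature check failed. Do not exclude this file.'
    exit 1
}
```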