It seems that the problems encountered when updating Windows with the MS10-015 update are (were) caused by a nasty called 'rootkit TDL3' (see BSOD after MS10-015? TDL3 authors "apologize"). This article states "...only really few specific anti-rootkits are able to detect the infection when active".
Searching for information about this nasty has not been very helpful. I can find no clear way of determining if I am infected (other than by updating MS10-015 - and it seems even that has been corrected by the nastyware disseminator), how to avoid infection, or the cure if required. Is this something I should be worried about?
Actually I am a little surprised that the response of the experts seems to be "OK we've found the cause of the problem with MS10-015, so that's alright", and even apparent appreciation to the nastyware disseminator for correcting the problem.
Chris
Rootkit TDL3
Re: Rootkit TDL3
ChrisJakarta wrote: ...apparent appreciation to the nastyware disseminator for correcting the problem...
I think this was intended as irony.
StuartR
Re: Rootkit TDL3
ChrisJakarta wrote: ...apparent appreciation to the nastyware disseminator for correcting the problem...
StuartR wrote: I think this was intended as irony.
Stuart,
Yes, I'm sure you are right. But for those less well-informed who were worried about the problems with MS10-015, and perhaps (like me) not clear about what rootkits really are (they don't often appear in the malware descriptions), the impression given by these communications is that the problem has been solved by a patch in some offending code. Whereas, unless I am much mistaken, this poorly-described nasty remains a big (and increasing) problem.
Chris
Re: Rootkit TDL3
ChrisJakarta wrote: ... this poorly-described nasty remains a big (and increasing) problem...
I agree, very nasty, and I also agree that far too few people understand the issue. That is why there are so many millions of PCs in botnets.
StuartR
Re: Rootkit TDL3
Has anyone come across an antiRootkit product that will detect and remove the TDL3 rootkit, all variants?
John Gray
I advise you not to follow my advice.
Re: Rootkit TDL3
Hitman Pro 3.5 is mentioned as the one tool that can do that. (Free download, unlimited free scanning, 30 days free malware removal)
Best wishes,
Hans
Re: Rootkit TDL3
HansV wrote: Hitman Pro 3.5 is mentioned as the one tool that can do that. (Free download, unlimited free scanning, 30 days free malware removal)
Yeh, Hans, I saw that. But how does one know that these programs are bona-fide, and not another spoof that adds more malware?
Chris
Re: Rootkit TDL3
Hitman Pro has been around for a while, and it's a reputable tool. It uses the online scanning engines from several well-known anti-malware companies such as Avira (AntiVir) and Eset (NOD32).
Best wishes,
Hans