Rootkit TDL3

ChrisJakarta
StarLounger
Posts: 97
Joined: 05 Feb 2010, 11:06
Location: Jakarta, Indonesia

Rootkit TDL3

Post by ChrisJakarta »

It seems that the problems encountered when updating Windows with the MS10-015 update are (were) caused by a nasty called 'rootkit TDL3' (see BSOD after MS10-015? TDL3 authors "apologize"). This article states "...only really few specific anti-rootkits are able to detect the infection when active".

Searching for information about this nasty has not been very helpful. I can find no clear way of determining if I am infected (other than by updating MS10-015 - and it seems even that has been corrected by the nastyware disseminator), how to avoid infection, or the cure if required. Is this something I should be worried about?

Actually I am a little surprised that the response of the experts seems to be "OK we've found the cause of the problem with MS10-015, so that's alright", and even apparent appreciation to the nastyware disseminator for correcting the problem. :sad:

Chris

StuartR
Administrator
Posts: 12601
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Rootkit TDL3

Post by StuartR »

ChrisJakarta wrote:...apparent appreciation to the nastyware disseminator for correcting the problem...
I think this was intended as irony.
StuartR


ChrisJakarta
StarLounger
Posts: 97
Joined: 05 Feb 2010, 11:06
Location: Jakarta, Indonesia

Re: Rootkit TDL3

Post by ChrisJakarta »

StuartR wrote:
ChrisJakarta wrote:...apparent appreciation to the nastyware disseminator for correcting the problem...
I think this was intended as irony.
Stuart,

Yes, I'm sure you are right. But for those less well-informed who were worried about the problems with MS10-015, and perhaps (like me) not clear about what rootkits really are (they don't often appear in the malware descriptions), the impression given by these communications is that the problem has been solved by a patch in some offending code. Whereas, unless I am much mistaken, this poorly-described nasty remains a big (and increasing) problem.

Chris

StuartR
Administrator
Posts: 12601
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Rootkit TDL3

Post by StuartR »

ChrisJakarta wrote:... this poorly-described nasty remains a big (and increasing) problem...
I agree, very nasty, and I also agree that far too few people understand the issue. That is why there are so many millions of PCs in botnets.
StuartR


John Gray
PlatinumLounger
Posts: 5405
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Rootkit TDL3

Post by John Gray »

Has anyone come across an antiRootkit product that will detect and remove the TDL3 rootkit, all variants?
John Gray

"(or one of the team)" - how your appointment letter indicates you won't be seeing the Consultant...

HansV
Administrator
Posts: 78391
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Rootkit TDL3

Post by HansV »

Hitman Pro 3.5 is mentioned as the one tool that can do that. (Free download, unlimited free scanning, 30 days free malware removal)
Best wishes,
Hans

ChrisJakarta
StarLounger
Posts: 97
Joined: 05 Feb 2010, 11:06
Location: Jakarta, Indonesia

Re: Rootkit TDL3

Post by ChrisJakarta »

HansV wrote:Hitman Pro 3.5 is mentioned as the one tool that can do that. (Free download, unlimited free scanning, 30 days free malware removal)
Yeh, Hans, I saw that. But how does one know that these programs are bona fide, and not another spoof that adds more malware?

Chris

HansV
Administrator
Posts: 78391
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Rootkit TDL3

Post by HansV »

Hitman Pro has been around for a while, and it's a reputable tool. It uses the online scanning engines from several well-known anti-malware companies such as Avira (AntiVir) and Eset (NOD32).
Best wishes,
Hans
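Added example, not part of the thread above and not code from Hitman Pro's vendor: one concrete check a practitioner can run on Windows before executing any downloaded anti-rootkit tool, to address the "is this program bona fide" question. It verifies the file's Authenticode signature (the chain must end at a trusted root) and that the signer's certificate subject names the vendor you expect, then records the SHA-256 hash for comparison against the vendor's published value. The file path and the expected signer string are placeholders to be replaced with the real values.

```powershell
# Added example (not from the forum thread): verify a downloaded tool's
# Authenticode signature and record its hash before running it.
# $Path and $ExpectedSigner are placeholder assumptions; substitute the
# actual download path and the vendor name shown in the vendor's certificate.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\tool.exe",   # hypothetical path
    [string]$ExpectedSigner = "Vendor Name Here"             # hypothetical subject fragment
)

function Test-DownloadedTool {
    param([string]$Path, [string]$ExpectedSigner)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = 'file not found' }
    }

    # Status is 'Valid' only when the signature verifies and the certificate
    # chain ends at a root the machine trusts. 'NotSigned', 'HashMismatch'
    # and 'UnknownError' all mean: do not run it.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "signature status: $($sig.Status)" }
    }

    # A valid signature from the wrong company is still the wrong file.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSigner*") {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "unexpected signer: $subject" }
    }

    # Keep the hash so it can be checked against the vendor's published value
    # or submitted to a multi-engine online scanner before execution.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{ Path = $Path; Ok = $true; Reason = "signed by $subject"; SHA256 = $hash }
}

Test-DownloadedTool -Path $Path -ExpectedSigner $ExpectedSigner | Format-List
```

Two caveats. A valid signature only proves who published the file, not that the tool is harmless, so the vendor's reputation still matters, which is the point Hans makes. And on a machine where a kernel-mode rootkit is already active, the rootkit can lie to the very APIs these cmdlets use, so a check run from a clean machine, or from boot media, is more trustworthy than one run on the suspect system.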