Windows 7 Forums

Windows 7: TDL4 bootkit reinstates 64-bit infection capability

02 May 2011   #1

Arch Linux 64-bit
TDL4 bootkit reinstates 64-bit infection capability

Microsoft released security update KB2506014 on April 12 to address a vulnerability which allowed unsigned drivers to be loaded by 64-bit Windows. The TDSS/Alureon rootkit family, of which TDL4 is a part, was one of the more advanced rootkits that abused this vulnerability to load the rootkit during Windows boot up. TDL4 is also known as the Google Redirect Virus.
TDL4 bootkit reinstates 64-bit infection capability

02 May 2011   #2

Vista Home Premium x86 SP2

For a greater technical depth of the new TDL4, see here: TDL4 rootkit is coming back stronger than before
08 May 2011   #3

Windows 7 Ultimate 64-bit / Ubuntu Linux 11.04

Ugh... TDSS/Alureon, I hate this rootkit. It's the most common issue with computers in the office. So hard to detect and remove, and now they come up with a newer version.
08 May 2011   #4

Windows 8.1 Pro x64

It's not actually a vulnerability; 64-bit versions of Windows do allow unsigned drivers to be loaded through a special command: 'bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS'
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
Value Name: BehaviorOnFailedVerify
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Ignore, 1 = Warn, 2 = Block)
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
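An added example, not part of any post in this thread: a PowerShell audit that reports whether the boot option and the policy value mentioned in post #4 are set on a machine. The function names and the sample bcdedit output are constructed for illustration; the registry path and the 0/1/2 meanings are the ones given in the post.

```powershell
# Constructed sample of `bcdedit /enum` output so the parser can be tried offline.
$SampleBcd = @'
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
loadoptions             DDISABLE_INTEGRITY_CHECKS
testsigning             No
nx                      OptIn
'@ -split "`r?`n"

# Hypothetical helper: returns one object per boot-entry setting that relaxes
# driver signature enforcement (loadoptions, testsigning, nointegritychecks).
function Get-BcdIntegrityFinding {
    param([string[]]$BcdLines)
    $entry = '(unknown)'
    foreach ($line in $BcdLines) {
        if ($line -notmatch '^(\S+)\s+(.+)$') { continue }
        # Copy the captures first: switch -Regex overwrites $Matches.
        $name = $Matches[1]; $value = $Matches[2].Trim()
        $hit = $false
        switch -Regex ($name) {
            '^identifier$'  { $entry = $value }
            # Substring match also catches the DDISABLE_ spelling from the post.
            '^loadoptions$' { $hit = $value -match 'DISABLE_INTEGRITY_CHECKS' }
            '^(testsigning|nointegritychecks)$' { $hit = $value -eq 'Yes' }
        }
        if ($hit) { [pscustomobject]@{ Entry = $entry; Setting = $name; Value = $value } }
    }
}

# Hypothetical helper: reads the per-user policy value named in the post.
function Get-DriverSigningPolicy {
    $key = 'HKCU:\Software\Policies\Microsoft\Windows NT\Driver Signing'
    $p = Get-ItemProperty -Path $key -Name BehaviorOnFailedVerify -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'not set' }
    switch ($p.BehaviorOnFailedVerify) {
        0 { 'Ignore' } 1 { 'Warn' } 2 { 'Block' }
        default { "unexpected value: $_" }
    }
}

Get-BcdIntegrityFinding -BcdLines $SampleBcd   # flags the loadoptions line of the sample
# Live system, elevated prompt: Get-BcdIntegrityFinding -BcdLines (bcdedit /enum)
"BehaviorOnFailedVerify: $(Get-DriverSigningPolicy)"
```

An empty result from the first function means none of the three settings is relaxed in the entries that were parsed.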
