Windows 7 Forums

Windows 7: New TDL4 rootkit successfully hiding from AV

09 Oct 2012   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Quote:
A new variant of TDL4 has been identified, and it is now ranked as the second most prevalent malware strain within two months of its detection.
Source

A Guy



21 Oct 2012   #2
endeavor

Vista/Win7/Win8/Win10
 
 

They recently released a new version (v2.8.13.0 - 10/12/2012) of...

Anti-rootkit utility TDSSKiller

...that hopefully will detect this.

It's worth keeping it around handy.

Good info, A Guy; thanks for the post about the new variant of TDL4.
21 Oct 2012   #3
Bertison

Windows 7 Home Premium 64 bit. (On both machines)
 
 

Thanks A Guy, saved and stored!


21 Oct 2012   #4
M1GU31

Windows 10 64bit Technical Preview
 
 

Thanks for the tip, A Guy.
21 Oct 2012   #5
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

What would be the best way to stop an infection from getting into the BIOS and other hardware that are active before Windows and the security programs start up?
21 Oct 2012   #6
COMPUTIAC

Windows 8.1.1 64bit
 
 

Quote: Originally Posted by endeavor
They recently released a new version (v2.8.13.0 - 10/12/2012) of...

Anti-rootkit utility TDSSKiller

...that hopefully will detect this.

It's worth keeping it around handy.

Good info, A Guy; thanks for the post about the new variant of TDL4.
Thanks for the link.

Downloaded it, ran it, and it did not find anything; saved it on the desktop for future use.
21 Oct 2012   #7
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Quote: Originally Posted by Layback Bear
What would be the best way to stop an infection from getting into the BIOS and other hardware that are active before Windows and the security programs start up?
That would have to be done by the BIOS manufacturer. Preventing the infection from getting onto your PC in the first place would have to be done by antivirus, firewall, etc., the tools commonly used to prevent any infection. But if a BIOS infection does get in, and the BIOS is not capable of stopping it, you are literally owned.

Here is some interesting, if not downright scary, reading.

A Computer Infection that Can Never Be Cured - Technology Review

BIOS rootkit found in the wild

NIST proposes BIOS protection measures | bit-tech.net

A Guy
22 Oct 2012   #8
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Thank you, A Guy, for the websites. Good reading.
22 Oct 2012   #9
x BlueRobot

 

Just downloaded the Anti-Rootkit program, will help provide further protection for my system, may also get it installed on some of the other computers at home too.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd