Windows 7 Forums
Windows 7: TDL3 Rootkit 64 Bit Driver


23 Aug 2010   #1

TDL3 Rootkit 64 Bit Driver

KernelMode.info • View topic - Rootkit TDL 3 (alias TDSS, Alureon)
Quote:
I can now confirm that the latest TDL3 has a working 64-bit driver. It supports injecting into 32- and 64-bit processes from kernel-mode, and is capable of hiding data just like the 32-bit version.



24 Aug 2010   #2


Hitman Pro has the ability to remove the TDL3 rootkit.
24 Aug 2010   #3


Why don't you upload it to Offensive Computing?

24 Aug 2010   #4


Quote: Originally Posted by dranfu
Why don't you upload it to Offensive Computing?
24 Aug 2010   #5


Quote: Originally Posted by Dinesh
Hitman Pro has the ability to remove the TDL3 rootkit.
Not the one that is in the thread Jaxryley linked to.
24 Aug 2010   #6


Quote: Originally Posted by Corrine
Quote: Originally Posted by Dinesh
Hitman Pro has the ability to remove the TDL3 rootkit.
Not the one that is in the thread Jaxryley linked to.
Hi, how do you know that?
24 Aug 2010   #7


@Jaxryley

Offensive Computing | Community Malicious code research and analysis

All files uploaded here will be imported into the Offensive Computing Malware database. By using this service, you certify that you are not uploading any ...
24 Aug 2010   #8


Quote: Originally Posted by dranfu
@Jaxryley

Offensive Computing | Community Malicious code research and analysis

All files uploaded here will be imported into the Offensive Computing Malware database. By using this service, you certify that you are not uploading any ...
Thanks dranfu, but I am kept quite busy uploading samples to Malwarebytes.

If you join the KernelMode forum then the samples are available to download.

I do try to join in over at KernelMode but those fellas over there are so far advanced that I'm left scratching my head most of the time.
24 Aug 2010   #9


Quote: Originally Posted by Dinesh
Quote: Originally Posted by Corrine
Quote: Originally Posted by Dinesh
Hitman Pro has the ability to remove the TDL3 rootkit.
Not the one that is in the thread Jaxryley linked to.
Hi, how do you know that?
As indicated in the thread, this is a new variant for which researchers have still not obtained the dropper, although it appears that a_d_13 has file dumps for this variant from infected machines. All the bits are needed in order to create definitions. If anyone can do it, a_d_13 will.
26 Aug 2010   #10


Here's an article by Marco Giuliani of Prevx on the variant:

TDL3 rootkit x64 goes in the wild

(Sidebar: I have a great deal of respect for Marco and recall all his work on the Gromozon rootkit removal tool.)

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd