tdl3 rootkit browsers hook to directdr.com & urbtk.com


  1. Posts : 16
    Windows 10 32 bit oem & Arch Linux x86_64
    Thread Starter
       #11

    os still stable


    Almost 1 month later and I have had no ill effects, just a wee update. Still a happy camper :>


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #12

    Good to know, thanks for the update :)


  3. Posts : 529
    windows 8.1 Pro x64
       #13

    My question is how does it infect machines? I mean, how does it get on in the first place?

    Is it a drive-by or something you have to execute?


  4. Posts : 16
    Windows 10 32 bit oem & Arch Linux x86_64
    Thread Starter
       #14

    reply to chrysalis


    Usually people get infected by downloading "cracked software" or from P2P sites, torrents etc., and you can also get bitten by visiting malicious sites. You could even download and install a codec which isn't what it seems; these rootkits are very clever. My advice would be to use WOT (the Web of Trust add-on), which is available for Firefox and Internet Explorer. Malwarebytes, updated and scheduled to scan daily, is another advantage for the end user [you]. For that extra wee bit of security I'd recommend the NoScript add-on for Firefox, which will stop any malicious sites from doing a drive-by on you. Hope you found this useful and remember, "Google is your friend", he is wiser than Yoda.


  5. Posts : 529
    windows 8.1 Pro x64
       #15

    Well, I mean how does this specific trojan infect?


  6. Posts : 846
    Windows 10 Pro
       #16

    chrysalis said:
    Well, I mean how does this specific trojan infect?
    I don't understand it but if you want the details here you go.
    http://virusvn.com/download/video-tu...ysis_paper.pdf


  7. Posts : 16
    Windows 10 32 bit oem & Arch Linux x86_64
    Thread Starter
       #17

    NEW TDSS TDL 4 PFFT combofix pwns


    My machine is still going strong 1 year later, but yesterday a family member brought me their laptop saying it was unusable due to the large amount of fake AV alerts. My first port of call was to install MBAM from a thumbdrive, and it found 3000+ infections (seriously), that's a record for me. I let MBAM clean them all (took a while). Afterward I decided to put FF on the lappy & prompt the owner to say goodbye to Internet Exploder; however, on doing this I was redirected to the Gala search engine and the FF download was not pointing to mozilla.com. Having seen this type of behaviour before, I downloaded ComboFix from Bleeping Computer to a thumbdrive, renamed it 123.exe and copied it over to the infected machine. I let ComboFix do its thing and yup, it found a TDL 4, corrupt MBR. I'm glad to say ComboFix also fixed this laptop, which was running XP SP2, Java version 5 & Slimewire. I left a READ ME.txt on the desktop prompting the owner to delete LimeWire, and of course I updated Java, Flash, SP3, Windows updates etc. So we have a new TDSS in our midst and ComboFix nailed it once more :))


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd