New
#11
Possible Commonality - TDL4 Rootkit?
I would advise anyone who has experienced the problem described in this thread, and in particular anyone who continues to face an inability to apply the update/patch in KB2506014, even manually via downloaded installer, to investigate and run Kaspersky's TDSSKiller, which can be found at:
Anti-rootkit utility TDSSKiller
While Microsoft's security advisory for KB2506014 never mentions TDL4, or the TDSS family of Rootkits specifically, and only generically addresses the concept of a Rootkit, the fact is that KB2506014 was very carefully and specifically designed to address flaws or "misfeatures" in winload.exe in terms of its handling of BCD variables related to the WinPE environment & kernel-mode code signing policy enforcement which TDL4 cleverly exploits. I just went through this mess yesterday, fixing a Win7 Home Premium x64 laptop for a friend.
I can post more later about how TDL4 operates, what KB2506014 specifically does to address that (since the security advisory is purposely somewhat vague in that respect), and why I believe that an infected system can fail to boot following even the manual installation of this update, if anyone is interested. The latter is somewhat a matter of conjecture on my part, but I have solid information on the first two topics I mentioned. In the meantime, this just might be the commonality some are looking for right now, and I strongly believe it'd at least be worth your while to investigate this possibility. I hope this helps those who are fighting with this, and again, if there is interest I will post to elaborate on the subject.
Quote