TDL3 Rootkit 64 Bit Driver

KernelMode.info • View topic - Rootkit TDL 3 (alias TDSS, Alureon)

I can now confirm that the latest TDL3 has a working 64-bit driver. It supports injecting into 32- and 64-bit processes from kernel-mode, and is capable of hiding data just like the 32-bit version.

Dinesh said:

Hitman pro has the ability to remove TDL3 rootkit.

Not the one that is in the thread Jaxryley linked to.

dranfu said:

@Jaxryley

Offensive Computing | Community Malicious code research and analysis

All files uploaded here will be imported into the Offensive Computing Malware database. By using this service, you certify that you are not uploading any ...

Thanks dranfu but I am kept quite busy uploading samples to Malwarebytes.

If you join the KernelMode forum then the samples are available to download.

I do try to join in over at KernelMode but those fellas over there are so far advanced that I'm left scratching my head most of the time.

Dinesh said:

Corrine said:

Dinesh said:

Hitman pro has the ability to remove TDL3 rootkit.

Not the one that is in the thread Jaxryley linked to.

Hi, how do you know that?

As indicated in the thread, this is a new variant that researchers have still not obtained the dropper, although it appears that a_d_13 has file dumps for this variant from infected machines. All the bits are needed in order to create definitions. If anyone can do it, a_d_13 will.

Here's an article by Marco Giuliani of Prevx on the variant:

TDL3 rootkit x64 goes in the wild

(Sidebar: I have a great deal of respect for Marco and recall all his work on the Gromozon rootkit removal tool.)