
TDL rootkit woes..

I've got a Sophos-protected PC infected with the TDL rootkit. I guess TDL 3.23 came out a couple of days ago. It's probably what I have, since Sophos, GMER, and Malwarebytes can't detect it. Do you have anything out yet that will find TDL 3.23, or know where I should go? Hitman 3.5? Combofix? I'm getting lots of search engine click redirects; my hosts file is OK. I've seen this before and was able to get rid of it with GMER. Not this new one, though. It really is a piece of work.

http://virusvn.com/download/video-tutorial/tdl3_analysis_paper.pdf

-  Joe



  • I got rid of it. TDSSKiller recognized that the driver atapi.sys had been altered and fixed it up. No more click hijacks. I still don't trust the PC, though. I think I'll be wiping it and restoring from a two-week-old image backup just to be sure.

    -  Joe

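A defender-side check for the finding in the reply above (a tampered atapi.sys), added here as an example and not part of the thread or of any of the tools mentioned. It compares the driver's SHA256 against a reference hash taken from a clean machine of the same Windows build and also reads its Authenticode signature; $DriverPath and $KnownGoodSha256 are assumed parameters you supply. Because TDL3 filters disk reads on a running system so the file looks untouched, the meaningful run is from clean boot media with the suspect volume mounted and $DriverPath pointed at that volume.

```powershell
# Added example (not from the thread). Compares a driver file against a known-good
# hash and reports its signature status. Assumes Windows PowerShell 4.0+ (Get-FileHash).
param(
    # Path to the driver under test; point this at the offline volume when booted from rescue media.
    [string]$DriverPath = "$env:SystemRoot\System32\drivers\atapi.sys",
    # SHA256 of atapi.sys from a clean machine of the same build (placeholder; you supply it).
    [string]$KnownGoodSha256 = "<KNOWN-GOOD-SHA256-PLACEHOLDER>"
)

if (-not (Test-Path -Path $DriverPath)) {
    Write-Output "Driver not found: $DriverPath"
    return
}

$hash = (Get-FileHash -Path $DriverPath -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -FilePath $DriverPath

# The hash comparison is the primary check: Windows system drivers are catalog-signed,
# so older PowerShell/Windows versions may report 'NotSigned' even for a genuine file.
$hashMatches = ($hash -ieq $KnownGoodSha256)

[pscustomobject]@{
    Path            = $DriverPath
    SHA256          = $hash
    MatchesKnownGood = $hashMatches
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
}

if (-not $hashMatches) {
    Write-Warning "Hash mismatch: $DriverPath differs from the known-good reference. Treat the host as compromised."
}
```

A mismatch on the offline copy is strong evidence of tampering; a match on the live system only proves what the rootkit lets you read, which is why the reply's plan to restore from a pre-infection image is the sound outcome.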