Thoughts, information and reflections about technology

TDL3 /TDSS Rootkits –

I came across a windows XP laptop where I could not remove the malware. I tried a number of different tricks but it kept coming back. The symptoms were

 

  • I could not connect to the windows update page at windowsupdate.microsoft.com.
  • Attempting to visit certain websites would result in an ad page instead of the intended website.
  • A win32 services error dialog would pop up occasionally.

My research led me to a new series of rootkits that hook themselves into your machine using trusted services such as the print spooler. They then hide themselves from windows and encrpyt themselves. Rootkit Revealer didn’t show the problem. I found a page here that offered a tool called hitman pro.  Hitman pro will scan for free but you need to buy a subscription for about 30 Euros to clean the rootkits. I didn’t get to try that as I found a free tool from Kapersky that cleaned things up called TDSS Killer.  There is also a free diagnostic tool called GMER that seems to have success at identifying and cleaning the new rootkits. I couldn’t find a good set of documentation on how to use the cleaning features of GMER although I could make a pretty good guess at the process.
In summary, the battle to keep malware from your machines has become a bit more difficult. Right now, the traditional antivirus apps are not able to reliably identify and kill these rootkits. You need to do a bit of manual sleuthing.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Archives
Categories