TDL3 / TDSS Rootkits
I came across a Windows XP laptop from which I could not remove the malware. I tried a number of different tricks, but it kept coming back. The symptoms were:
- I could not connect to the Windows Update page at windowsupdate.microsoft.com.
- Attempting to visit certain websites resulted in an ad page instead of the intended website.
- A Win32 services error dialog would pop up occasionally.
My research led me to a new series of rootkits that hook themselves into your machine through trusted services such as the print spooler. They then hide themselves from Windows and encrypt themselves. RootkitRevealer didn't show the problem. I found a page here that offered a tool called Hitman Pro. Hitman Pro will scan for free, but you need to buy a subscription for about 30 Euros to clean the rootkits. I didn't get to try that, as I found a free tool from Kaspersky called TDSSKiller that cleaned things up. There is also a free diagnostic tool called GMER that seems to have success at identifying and cleaning the new rootkits. I couldn't find good documentation on how to use GMER's cleaning features, although I could make a pretty good guess at the process.
In summary, the battle to keep malware off your machines has become a bit more difficult. Right now, the traditional antivirus applications are not able to reliably identify and remove these rootkits; you need to do a bit of manual sleuthing.