Quote:
Originally Posted by wayner123
I hate to say this, but if you got one of the new TDL4 or TDSS rootkits, go ahead and reformat your hard drive. There are ways to check if you have this. Malwarebytes, BleepingComputer and Kaspersky all have great forums to help out with the problem.
The new versions of the TDSS rootkits are unable to be removed or quarantined. No software company has come up with a solution yet. I had this problem a few weeks ago now and got the newest TDL4 version of the rootkit. After many days and hours of research I ran across some hacking websites. They were discussing these new rootkits and how they act. To sum it up, when the guys who get paid to hack can't figure out "how" the rootkit is even reacting, it's time to re-format.
Here's a great write up on the TDL3:
http://rootbiez.blogspot.com/2009/11...-lets-put.html
That was 2 revisions ago, and the latest ones are 10x worse. They secretly log and report any credit card numbers, bank account information, etc.
I didn't know there were new versions out. The one I dealt with a while back required some file deletions and registry edits, but I managed to disable it. Sounds like the bad guys are getting badder.
I was lucky in that the first time it tried to "call home", Zonealarm caught it and asked me for permission to let it out through the firewall. I didn't recognize the program, so I denied permission, then discovered how badly I was infected, and eventually got things cleaned up. I suspect I still have some of the code somewhere, but I killed the executable commands. Nasty bugger.