03-31-2011 01:17 PM - edited 03-31-2011 01:21 PM
Run as a limited user! Run as a limited user! Run as a limited user!
The infection comes from the usual dropper spread by peer-to-peer networks or by crack and keygen websites, and it needs administrator privileges to run its payload. If UAC is disabled or the user voluntarily gives admin permissions, this infection can run even on Windows Vista and Windows 7. This is likely to be the usual scenario, where a user looks for specific cracks and doesn't mind if UAC warns him; he gives admin privileges to the wanted crack.
This is the entire article courtesy of Prevx and an interesting read for the layperson: http://www.prevx.com/blog/139/Tdss-rootkit-silentl
03-31-2011 01:34 PM
Wrong Forum for this post. Should be Tech Outpost like the other TDSS threads of info.
Quads
03-31-2011 04:32 PM
Unbelievable, put very much in corporate character.
Perhaps you were afraid that someone would read the detailed Prevx writeup that mentions that Prevx will remove any subscriber's TDSS infection without charge?
03-31-2011 04:49 PM
I stated basically that the thread should be moved to the Tech Outpost board. Why?? Because that is what the Tech Outpost board was set up for: threads that had info, but nothing written about Norton Products, which is what the product-specific boards are for.
On the Tech Outpost Board there are also already threads about TDSS / TDL / Tidserv.
Quads
03-31-2011 09:18 PM
Quads wrote: I stated basically that the thread should be moved to the Tech Outpost board. Why?? Because that is what the Tech Outpost board was set up for: threads that had info, but nothing written about Norton Products, which is what the product-specific boards are for.
On the Tech Outpost Board there are also already threads about TDSS / TDL / Tidserv.
Quads
Quads is correct.
This is the place for it.
But thanks for posting this info
