05-17-2010 02:49 PM - edited 05-17-2010 02:53 PM
TDSSkiller now correctly detects and cures TDL4 (as of today).
I tested it only about 10 minutes ago. The scan checks via raw I/O.
Screenshot below; the log of the scan is attached to this post.
Be aware, though, that if you are infected with more than TDL3 / TDL4, as in the thread for houston,
TDSSkiller may not work because other malware is blocking it. The other malware may have to be stopped first, and possibly removed, before using TDSSkiller.
Multiple infections often have to be stopped in the correct order of steps.
05-19-2010 02:34 AM
The latest TDL (Tidserv) I have found.
I have the list of servers (not posted here).
05-19-2010 07:11 AM
After infecting the PC with the latest installer:
TDSSkiller did not detect the driver.
TDSS Remover did not detect the driver.
For some reason (maybe something went wrong), but I had to swap "kernel32.dll" over to
05-19-2010 06:10 PM
I did find a product that doesn't need to be installed; it scanned and detected the infected swapped drivers.
One problem: it deleted the drivers while still scanning. It didn't wait and ask the user whether the files were to be deleted, it just deleted them.
05-24-2010 02:44 AM - edited 05-24-2010 02:51 AM
There are rogues, one being "Data Protection", that come with a TDL2 variant, "PRAGMA",
with the ability to try to uninstall security software as part of the rogue.
05-25-2010 03:16 PM - edited 05-25-2010 03:31 PM
Interesting. I was reading the Symantec "Backdoor.Tidserv" writeup.
Warning: it's a mix and match of different TDL2s and TDL3s,
including this entry.
I can see how people reading the writeup are going to get confused, seeing the different variants in one writeup, when a lot of the variants have to be looked at separately due to differences,
including differences in the removal procedures and programs used.
Sure, a PC may be infected with more than one TDL2 (more than one set of files and registry entries) or TDL2 + TDL3, but the removal of them has to be looked at differently.
TDL2s can have their files and registry entries removed / deleted (correctly); for TDL3s this is not the case.
For TDL3s the infected driver (disk controller) has to be swapped with a clean copy; for TDL2s this is not the case.
TDL3 infected drivers are detected as "Backdoor.Tidserv!inf".