06-02-2010 07:50 PM - edited 06-02-2010 07:53 PM
One version on TDSS (Tidserv) creates these entries and fools some removal programs in to thinking a Windows file like "userinit.exe" or "kernel32.dll" is infected when the Windows file seems clean Although it could have tried to infect a driver but failed due to some sort of flaw in the file I got. A bug inside a bug.
06-04-2010 05:05 PM
I'm not sure is a bug or with someone trying to change things but has left something out of the installer (programming) but this one is to easy for those who can deal to TDL 2, 3, 4 successfully
I got another installer from a Malware researcher I ran the installer and it's the same, with "TDL with a twist".
It's a matter of whether this is like a beta or first build of this change and so will only get better over time.
06-04-2010 05:12 PM
Ok I will sound like a dunce but you meant there was a mistake in the TDL removal software or a mistake/programming error in the TDL itself...sorry if I am a bit slow...
06-10-2010 01:06 PM
I'm starting to think these things are like unraveling DNA code...
We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
06-11-2010 03:10 PM - edited 06-11-2010 03:15 PM
Articles on TDL (1,2,3 & unofficial 4) there are other names it's known as.
Has hit number 1
Pesky rootkit looks like it's getting refined for attacks
Remember Alureon, the pesky rootkit, which hit the Windows enterprise scene in 2006 and absolutely bum rushed some Windows systems earlier this year?
Microsoft does and will for quite some time. The rootkit, which also goes by some of its technical aliases -- TDSS, Zlob and DNSChanger -- has to date infected nearly 2 million Windows systems.
Alureon is the guest of honor rootkit in Microsoft's recently released May Threat Report. Alureon accounted for 18 percent of all malware-infected Windows PCs in May.
This is Alureon's encore performance as the rootkit du jour in the April Threat Report.
Alureon is considered the culprit for the "screen of death," and system crash issues widely reported when users installed Microsoft Security Bulletin MS10-015.
Microsoft Malware Prevention Center staffers Vishal Kapoor and Joe Johnson said there were "several changes to the design of the rootkit to avoid detection and cleaning, revealing that the rootkit is still under active development and distribution."
This means that Alureon is going to be around for a while yet
By Jabulani Leffall
At least it can't beat Quads for PC's that turn up at my door
Bring on the next change