06-13-2010 02:44 PM
I do find articles
But I also find malware to run and install on my computer in the real world (not a VM), whether it's rootkits like TDL3 / TDL4, worms, rogues, Trojans...
If the infection is downloading more malware from somewhere, I let it download everything it wants. Once that is complete, I set about breaking the malware piece by piece to allow other programs to run, and remove all the files and registry entries, etc.
Like this thread for a user.
06-14-2010 05:48 PM
TDL installers are still appearing that Norton does not detect once downloaded or just sitting on the Desktop.
They do have some sort of sense of humour: this one is by Chuck Norris with the Firefox icon, pic below.
06-21-2010 02:17 AM
New TDL installer scanned
It also downloads other files
06-25-2010 04:22 PM
On testing, I infected with TDL3/4 and ran Norton Power Eraser. It detected the driver, but it also detected legitimate files, so I don't know the actual reason for the detection, or whether it just happened to be a fluke in between the false positives.
NPE restarted the PC and proceeded to delete, or try to delete, the driver and the ControlSet registry entry for it, like Norton previously trying (or succeeding) to delete drivers such as "atapi.sys".
<Remediate DateAndTime="Saturday, 26 June 2010 Time: 09:52">
On checking, I found that the driver had actually gone, so I put it all back.
intelppm.sys = Intel Processor Driver
BSOD territory, as we know from people on the forum previously, and why Norton won't remove the driver for ".........Tidserv!inf", or shouldn't, unless a definition has been added that causes the removal problem again.
If malware that infects/patches legitimate system files etc. is suspected (Tidserv is just one group; ZeroAccess is one other off the top of my head), it is not advised to use Norton Power Eraser to remove these types of infections, as bigger problems can occur from removing drivers Windows needs.
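The failure mode described in this post (a cleanup tool deleting a patched atapi.sys or intelppm.sys outright and leaving Windows unbootable) argues for a triage step before any removal: find out which drivers on disk no longer verify, and treat those as candidates for repair from a clean copy rather than deletion. The script below is an added example, not code from this thread, from Symantec or from any Norton tool. It assumes an elevated PowerShell 4.0 or later session, the default %SystemRoot% layout, and a driver directory you can point it at; `atapi.sys` and `intelppm.sys` are the two drivers named in the thread.

```powershell
# Added example, not code from the thread or from Symantec/Norton.
# Lists every *.sys driver in the driver directory whose Authenticode
# signature does not verify, with its SHA-256, so a patched driver can be
# repaired (replaced from a known-good copy) instead of deleted.
# Assumptions: elevated session, PowerShell 4.0+ (Get-FileHash, -File),
# default %SystemRoot%. Override $driverDir to scan a mounted offline disk.
# Caveat: a live TDL3/TDL4 infection filters disk reads and can hand back
# the clean file contents, so run this from offline boot media or against
# a disk mounted on a clean system for a trustworthy answer.

param([string]$driverDir = (Join-Path $env:SystemRoot 'System32\drivers'))

$results = foreach ($f in Get-ChildItem -Path $driverDir -Filter '*.sys' -File) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File   = $f.Name
        Status = $sig.Status   # Valid / NotSigned / HashMismatch / NotTrusted / ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}

# Anything that is not 'Valid' is a candidate for repair, not deletion.
$flagged = $results | Where-Object { $_.Status -ne 'Valid' }
$flagged | Sort-Object File | Format-Table -AutoSize

# The two drivers named in this thread, for a quick look.
$results | Where-Object { $_.File -in 'atapi.sys', 'intelppm.sys' } | Format-List
```

Treat the output as a triage list, not a verdict: on older Windows versions many Microsoft drivers are catalog-signed rather than embedded-signed and can show up here as NotSigned, so confirm a suspect file with `sfc /scanfile=<path>` (Vista and later) or by comparing its hash against a copy from clean install media before touching it. A HashMismatch on a driver that is otherwise signed by Microsoft is the pattern a patched atapi.sys would produce when the check runs offline.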
09-17-2010 01:58 PM
TDL3 (+) and the Symantec free download "TDSS Fixtool"
It does "REPAIR" older TDL3 variants; it doesn't delete the file in question. If it's a newer variant, at least the tool stops and does not attempt to delete the file instead, even if it notifies that it basically can't repair the file.
Better than causing a non bootable Windows.
09-23-2010 12:25 PM
Boot.Tidserv, Tidserv.L Bootkit
version 0.01: without x64 code (one dropper, it seems),
version 0.02: fully workable (just a few droppers), buggy, can cause non-booting XP,
version 0.03: with changed infector (driver too), also a few samples, buggy, can cause non-booting XP.
09-24-2010 05:19 AM
Does the TDSS tool detect the latest TDSS?