TDL3: The Rootkit of All Evil?
Results 1 to 9 of 9

Thread: TDL3: The Rootkit of All Evil?

Threaded View

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    TDL3: The Rootkit of All Evil?

    TDL-3's been "in the wild" for some time (2008?) from everything I can tell,
    but this weekend was the first time I've run across it. I'm posting this
    because I was altogether unable to get a handle on this thing until I got
    this client's desktop on the bench, and to make others aware there are
    increasingly sophisticated rootkits out there.

    My SOP (standard operating procedure, aka SOB) simply was not fixing this
    thing. I'd run Spybot and Malwarebytes only to have them come up clean.
    Antivir would clean malicious files, a dozen in one day at one point, but also
    seemed unable to get to the root (no pun intended) of what was going on.
    Basically what was occurring was this client's PC would get reinfected, and
    was running slow as well as suffering redirects from a Google search page (a
    primary symptom it turns out).

    Combofix, my "last resort" app found it, supposedly removed it on a reboot,
    only to have the thing return. There's a dropper in there somewhere. Finally
    I found a Kaspersky tool, which is available here:

    http://support.kaspersky.com/downloa...tdsskiller.zip

    Running TDSSkiller turned up the rootkit as HD0, which is unusual to say the
    least. I did run a system file check ("sfc /scannow" from the Windows shell)
    after finally getting this thing cleaned out as insurance. The computer I was
    working on was a 32 bit XP install, but this also infects 64 bit systems supposedly.

    ESET's got a whitepaper out on the rootkit and how it works. It apparently
    disguises itself as hardware.

    http://www.eset.com/resources/white-...3-Analysis.pdf

    And here's another white paper from Kaspersky's techs:

    http://www.securelist.com/en/analysis/204792131/TDSS

    HTH, brokencrow
    Last edited by brokencrow; December 20th, 2010 at 08:05 PM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Similar Threads

  1. The Problem of Evil
    By rcgreen in forum Cosmos
    Replies: 45
    Last Post: April 20th, 2007, 08:41 PM
  2. Axis of Evil
    By foxyloxley in forum Tech Humor
    Replies: 2
    Last Post: August 27th, 2004, 09:06 PM
  3. Hacked Red Hat 7.3
    By t3gilligan in forum *nix Security Discussions
    Replies: 18
    Last Post: February 28th, 2004, 02:31 AM
  4. Rootkit Scanner
    By Agent_Steal in forum *nix Security Discussions
    Replies: 9
    Last Post: December 13th, 2003, 07:34 PM
  5. Evil Overlord Plans
    By Terr in forum Tech Humor
    Replies: 4
    Last Post: September 6th, 2002, 02:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •