My AntiTdl Software

Hi All!
I'm new in this community. I'll introduce myself: my name is Andrea and i'm an italian "unemployed" security researcher.
I would like to present my implementation of TDL3 Removal Tool. Is a personal big project, it runs on Windows Xp, Vista, 7, on all 32 bit platform (no 64 bit already). It's still in alpha but fully working. It doesn't support RAID software system like Windows Dynamic disk. This is the only limitation it has.

I'll appreciative if some of you can test it.... the link is:
-aall86.altervista.org/files/AntiTdl_0.1.zip-

Tell me what do you think, and sorry for my english but it's not my native language...

Have a nice day.
Andrea

 

u have not put any address in ur link

 

The link is there Just remove this: "-" in the beginning and this "-" in the end without qoutes.

 

oh yea rite..my mistake

 

It's strange... i've written the link but the system automatically change it. The right link is: -aall86.altervista.org/files/AntiTdl_0.1.zip-

Thx

 

Side note: according to (VirusTotal) McAfee-GW-Edition 2010.1C / 2010.11.29 /triggers a Heuristic.BehavesLike.Win32.Rootkit.H alert with AntiTDL.sys.

 

There is always something that will trigger their crap on something. Same is for my .NET Framework 4 fix. Bunch of heuristic detections just because i used an EXE wrapper for BAT.

 

No, sorry but my software is not a virus.... I can guarantee for it....
Is an antivirus software in alpha Version... try it if you would.... and tell me what do you think....

I don't know why Mcafee consider it a virus :-(

Btw, Meriadoc, i'm not abler to answer you in pm....

 

f/p due to enthusiastic McAfee 'flag everything' heuristics.

Andrea pm box emptied.

 

Just submitted your file to

virus_research@avertlabs.com
http://vil.nai.com/vil/submit-sample.aspx
https://www.webimmune.net/default.asp

and maybe they will respond to fix the false positive

 

So what exactly is your software supposed to do?

 

Read the first post.....

 

Its the GW version, so has to employ paranoid heuristics.

Why would I be interested in an alpha version of TDL3 removal tool where there are stable versions from well known vendors?

Also this seems to be your first thread in this forum. How can I be sure that it is not a RK itself? You might have the best intention but I guess the approach could've been better.

If you really say who you are then you might want to put it in the KM forum which is administered by EP_X0FF. That is the ultimate destination for all ARK tools.

Thank you for the tool though. All the best.

 

http://www.kernelmode.info/forum/viewtopic.php?f=11&t=504

I didn't know that forum before Meriadoc tell me of its existence....
Btw if you don't trust in this project you are free to not use it.... I'm not a malware writers, even if i think that TDL authors are the very very very good security devs....

Andrea