TDL4 is alive and well on x64

Discussion in 'malware problems & news' started by Victek, Dec 21, 2010.

Thread Status:
Not open for further replies.
  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It has been speculated for a long time that rootkits could infect 64 bit systems, but today is first time I've seen it in the field. I was able to remove the TDL4 rootkit from Windows 7 x64 using Kaspersky's TDSSkiller in SAFE mode (by the way TDSSkiller is very fast - an indispensable antimalware tool). So much for x64 Patchguard.
     
    Victek, Dec 21, 2010
    #1
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hitman Pro was the first to remove the TDL4 x64 bootkit (in normal mode):
    http://www.kernelmode.info/forum/viewtopic.php?f=16&t=19&start=490#p2521

    The big AVs started it to call TDL4 but in fact it is just TDL3 that now infects MBR instead of a driver. You can read the entire thread on the TDL3/TDL4 rootkit. Quite informative.

    Btw. Hitman Pro also removes the additional malware that TDL4 drops on a system.
     
    erikloman, Dec 21, 2010
    #2
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Triple Helix, Dec 21, 2010
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...