
TDL3 rootkit is causing BSOD in 17-year old MS bug patch!



#1 Union_Thug


Posted 16 February 2010 - 09:13 AM

Interesting thread at Wilder's Forum: http://www.wilderssecurity.com/showthread.php?t=265297

It turns out that the TDL3 rootkit infection is related to the BSOD. See here: http://searchsecurity.techtarget.com/news/...1381423,00.html

PCs that are infected with the rootkit and run the patch (served by Windows Update) become unbootable!

The number of affected PCs tells us something about how widely spread the TDL3 rootkit is.

Statistics from our Scan Cloud:
Since November 30, Hitman Pro removed TDL3 infections from over 16.000 computers.
Interesting detail: 74.8% of those PCs were running an up-to-date AV.

That tells us how good this rootkit is at staying undetected or how difficult it is to remove this infection. TDL3 infects the hard disk driver (usually atapi.sys) and once loaded it serves the OS the uninfected driver, fooling most AVs as they see nothing wrong with the driver.


Edited by Union_Thug, 16 February 2010 - 09:15 AM.

