
TDSS-TDL (Alureon) infection on Linux and Unix?


6 replies to this topic

#1 tagfam

tagfam

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 06 September 2014 - 04:37 PM

We got an email from Comcast Guard that one or more computers appear to be infected by a bot. When I went to www.amibotted.comcast.net it came up with the TDSS-TDL malware. Currently we have no Windows machines in our household. One laptop was Windows, but when it was detected that this Alureon virus had infected it, we put a new hard drive in and installed Linux Mint instead of Windows as it previously had. The other machines in our house are Mac OS. So, my question is, could the laptop that was formerly Windows still have Alureon on it, despite having a new hard drive and operating system? Can Alureon infect Linux and Unix systems? If so, any advice on what we can do to permanently rid this virus would be very appreciated. Thank you!





#2 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,837 posts
  • ONLINE
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:09:24 PM

Posted 06 September 2014 - 05:34 PM

Hi tagfam, welcome to BC.

As this is in the Linux section I can reply.

I do not know the answer to your question. From what I understand Alureon is some kind of bootkit. To be on the safe side I have reported this post to the malware response team; somebody more qualified will reply soon.

Personal note.

Can Alureon infect Linux and Unix systems?

I doubt it.

I would delete all the partitions on the HDD with Gparted and format to ext4.


Edited by NickAu1, 07 September 2014 - 05:06 AM.


#3 tagfam

tagfam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 06 September 2014 - 06:50 PM

Thank you for reporting this to the malware team; I wasn't quite sure where to begin in asking this question. In doing a partition search, none showed up with HDD.



#4 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,837 posts
  • ONLINE
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:09:24 PM

Posted 06 September 2014 - 07:25 PM

In doing a partition search, none showed up with HDD.

Sorry.

HDD is just the actual hard drive.

In Linux it's sda.


Edited by NickAu1, 06 September 2014 - 07:34 PM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,594 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:24 PM

Posted 07 September 2014 - 03:58 AM

Hi tagfam,

So, my question is, could the laptop that was formerly Windows still have Alureon on it, despite having a new hard drive and operating system? Can Alureon infect Linux and Unix systems?

The short answer is "no". :)

I'd ask Comcast what they detected exactly (traffic etc.) and explain you have no Windows machines. Theoretically you can have an HD with a TDL/TDSS-infected MBR, but this infection really needs Windows to load. If you boot from Linux, the infection isn't initiated and can't do a thing. However, if you changed the HD (or even simply reformatted it), there is no chance of even a residual infection.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft

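An added illustration of the point Elise makes above about where a TDL/TDSS infection actually sits: it is example code written for this page, not anything posted in the thread or published by BleepingComputer or Emsisoft. The MBR is a fixed 512-byte layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature), so a defender on the repurposed Linux laptop can read sector 0, hash the boot-code region and list the partition table, then compare the result with the same readout after a wipe or reinstall. The sample image, the function names and the single-partition layout below are all constructed for the example; the hash only tells you whether the boot code changed, it is not a TDSS signature.

```python
"""Added example: parse a 512-byte MBR image and report what sector 0 holds."""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: boot code (the region a bootkit replaces)
PART_TABLE_OFFSET = 446       # bytes 446..509: four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass
class PartitionEntry:
    index: int
    bootable: bool      # status byte == 0x80
    type_id: int        # e.g. 0x83 Linux, 0x07 NTFS/exFAT, 0xEE GPT protective
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_sha256: str
    boot_code_is_zero: bool
    partitions: list


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a disk image file or a block device such as /dev/sda (needs root)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_mbr(data: bytes) -> MbrReport:
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    boot_code = data[:BOOT_CODE_SIZE]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4), little-endian
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", data, off)
        if type_id == 0:
            continue  # unused slot
        partitions.append(PartitionEntry(i, status == 0x80, type_id, lba_start, sectors))
    return MbrReport(
        signature_ok=data[510:512] == BOOT_SIGNATURE,
        boot_code_sha256=hashlib.sha256(boot_code).hexdigest(),
        boot_code_is_zero=not any(boot_code),
        partitions=partitions,
    )


def wipe_boot_code(data: bytes) -> bytes:
    """Return a copy with bytes 0..445 zeroed; the partition table and signature are kept."""
    return b"\x00" * BOOT_CODE_SIZE + data[BOOT_CODE_SIZE:]


def build_sample_mbr() -> bytes:
    """Constructed sample image (not a real disk): a byte-pattern placeholder standing in
    for boot code, one bootable Linux partition at LBA 2048, and a valid signature."""
    boot_code = bytes((i * 7) % 251 for i in range(BOOT_CODE_SIZE))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x83, b"\x00" * 3, 2048, 1_000_000)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    before = parse_mbr(build_sample_mbr())
    after = parse_mbr(wipe_boot_code(build_sample_mbr()))
    for label, rep in (("before wipe", before), ("after wipe", after)):
        print(label, "signature_ok:", rep.signature_ok,
              "boot_code_zero:", rep.boot_code_is_zero,
              "boot_code_sha256:", rep.boot_code_sha256[:16] + "...")
        for p in rep.partitions:
            print(f"  part{p.index}: type=0x{p.type_id:02x} bootable={p.bootable} "
                  f"lba_start={p.lba_start} sectors={p.sector_count}")
```

Run as-is it works on the constructed image; on the actual laptop you would call `parse_mbr(read_mbr("/dev/sda"))` as root and keep the report. A drive that was physically replaced, or repartitioned and formatted as NickAu suggests, carries a boot-code region written by the new installer, which is why a comparison before and after shows a different hash and why, as Elise says, nothing of the old Windows-only infection remains to run.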


#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,837 posts
  • ONLINE
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:09:24 PM

Posted 07 September 2014 - 04:23 AM

Thank you Elise.



#7 tagfam

tagfam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 07 September 2014 - 07:43 AM

Thank you! Very helpful information that puts me at ease.



