Does anyone else using InsaneKaos's sample find that FixTDSS ver. 2.1.2.1 will not detect the TDL-infected MBR? Twice now I could not get FixTDSS to detect it on XP SP3 (not using VM or sandbox programs).
The system is on harddrive0
05/04/11 11:38:09 Copy of MBR written to archive
05/04/11 11:38:09 Run Once Command: cmd /c start /D "C:" /B FixTDSS.exe -postboot -log
05/04/11 11:38:10 Isdidl value 0x0, Error = 0x0
05/04/11 11:40:42 Service key state 0
05/04/11 11:40:42 === Post-Boot Starting ===
05/04/11 11:40:42 Preboot IsDidl = 0x0
05/04/11 11:40:42 CheckMBRStatus = 00000000
05/04/11 11:40:42 The system is on harddrive0
05/04/11 11:40:43 MBR seems intact.
05/04/11 11:40:43 Suspicious use of kernel callback but MBR appears intact. Repair not done.
05/04/11 11:40:43 CheckMBRDetail = 00050c00
05/04/11 11:40:43 Load Image handler clean
05/04/11 11:40:43 Create Thread handler removed
05/04/11 11:40:43 Create Process handler clean
05/04/11 11:40:43 Plug and play handler error
05/04/11 11:40:43 No infections were found
05/04/11 11:40:43 Threat not found, hiding postboot dialog
05/04/11 11:40:43 Removing Service and settings
05/04/11 11:40:43 StopService...
05/04/11 11:40:43 Service Stopped
05/04/11 11:40:43 Service FixTDSS deleted
05/04/11 11:40:44 SHFileOperation FO_DELETE(C:\Documents and Settings\John\Application Data\FixTDSS) returned 0
05/04/11 11:40:44 DeleteFile(C:\WINDOWS\System32\drivers\FixTDSS.sys) returned 1
05/04/11 11:40:44 post boot returned -1, StartBuster returning FALSE
05/04/11 11:52:16 Sending ping with status=-1
05/04/11 11:52:16 Current Didl = 0, error = 0x0
05/04/11 11:52:16 Error sending HTTP request, error=12007
05/04/11 11:52:16 Ping data follows:
05/04/11 11:52:16 X-Custom-Tool-Result: -1
05/04/11 11:52:16 X-Platform-Guid: {B82DC261-E244-64b1-FC4E-E501081C0C26}
05/04/11 11:52:16 X-Product-Name: FixTDSS
05/04/11 11:52:16 X-Product-Version: 2.1.2.1
05/04/11 11:52:16 X-Last-Repair-Phase: 14
05/04/11 11:52:16 X-Repair-Detail: 0x00050c00
Quads