[Meriadoc]

I wonder if the TDSS update for SAS was for detection of TDL2 variants (PRAGMA, H8SRT, _VOID etc.)

Quads

Detects but doesn't remove.

[SecConnex]

PRAGMA* is for a separate detection, since it is not TDSS itself. Instead it is Trj.Kryptik using TDL2's rootkit techniques. It lacks a few symptoms that TDSS encompasses.

[EP_X0FF]

I tested TDL3+ (posted on previous page) against Prevx 3.0, because I've heard some rumors about "super powers" inside this tool few month ago and "private technologies" somewhere inside Prevx which is able to detect and remove TDL3. As expected this calculator is totally blind and additionally flagged clean msvcrt.dll from clean Windows XP installation as malicious.

[Buster_BSA]

Seems like PrevX has good professionals of marketing with them but the reality is that sometimes PrevX is just more smoke than any other thing.

Reading some comments about PrevX someone may thing is kinda an esoteric security product. :o :D

[PX5]

All you heard was rumor, Prevx has never claimed to be able to see this infection, much less remove it.

We have standalone private tools for tdl3, thats it. ;)

[LeastPrivilege]

We have standalone private tools for tdl3, thats it.

Dear customer, please download and run ComboFix. :lol:

[USForce]

I think they posted a screenshot of their private tool some time ago in a blog post

Edit: screenshot found here: http://www.prevx.com/blog/150/Take-care ... count.html

[EP_X0FF]

Something telling me that I know how it works :))

[USForce]

Looking at the screenshot there's written (c)2009, that means the tool is around since a while

[PX5]

WTF is ComboFix?