[Jaxryley]

Sample which BSOD's my XP VM.

patch.exe - 4/43 - Sophos - Mal/TDSSPack-Z - MD5 : 92dc11c5b405058f4258cba91ebbd6db
http://www.virustotal.com/file-scan/rep ... 1291202768

patch.rar

Pass:
malware
(123.06 KiB) Downloaded 73 times

[Meriadoc]

Hello Jaxryley,

vmware+xpsp3

TDL 4.03
cfg.ini

[main]
version=0.03
aid=40849
sid=0
builddate=4096
rnd=823518204
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://nl6fa53.com/;hxxps://li1i16b0.com/;hxxps://zz87jhfda88.com/;hxxps://n16fa53.com/;hxxps://01n02n4cx00.cc/;hxxps://lj1i16b0.com/
wsrv=hxxp://ijmgwareh0use.com/;hxxp://cljkcpixelabn.com/;hxxp://thynksn0taeg.com/;hxxp://jimgwareh0use.com/;hxxp://bestbanerget.com/;hxxp://pxlratator.com/
psrv=hxxp://cikh71ynks66.com/;hxxp://clkh71yhks66.com/
version=0.15

[Jaxryley]

Thanks for checking Meriadoc.

[EP_X0FF]

Non informative post removed. There is no need to do virustotal links posting thread. Further posts of this kind without actual samples attached will be removed as well.
Additionally if you want to thank somebody for something it is better to use specially built-in reputation system.

[AaLl86]

Hi Jaxryley!
Tested on Win7 X64 Vmware, TDL4 0.03 Ok!

Now i have only to find a way to debug it.... This damn faked Kdcom.dll!!!
Regards, Andrea

Sample which BSOD's my XP VM.

patch.exe - 4/43 - Sophos - Mal/TDSSPack-Z - MD5 : 92dc11c5b405058f4258cba91ebbd6db
http://www.virustotal.com/file-scan/rep ... 1291202768

patch.rar

[markusg]

http://www.virustotal.com/file-scan/rep ... 1291470182

[nullptr]

install.exe

[main]
version=0.03
...
srv=hxxps://rukkeianno.com/;hxxps://kangojim1.com/;hxxps://lkaturi71.com/;hxxps://neywrika.in/;hxxps://86b6b6b6.com/
wsrv=hxxp://skolewcho.com/;hxxp://jikdooyt0.com/;hxxp://swltcho81.com/;hxxp://switcho81.com/;hxxp://rammyjuke.com/
psrv=hxxp://cri71ki813ck.com/
version=0.15

[gjf]

Kaspersky Lab found TDL4 uses 0-day vulnrerabilty in latest versions (for Windows 7/2008 x86/x64: Windows Task Scheduler Privilege Escalation, CVE: 2010-3888). Sorry, but information is in Russian only in the present time.

BTW, good picture of TDSS :)

[ConanTheLibrarian]

Sorry, but information is in Russian only in the present time.

Here it is in English

[egomoo]

I have write a small tool to check which driver has been random infected in Windows PE.

You shoud run the tool in the PE as in normal mode the rootkit has given a safe dirver replace the infected one.

http://www.safereturner.com/bug/CheckTDL.exe

It is useful if a new one that TDSSKiller do not detect in normal mode.

the scan reprot
http://www.virustotal.com/file-scan/rep ... 1291362952