[EP_X0FF]

Hello,

try different virtual machine for example VPC. Never tried TDL3 on VBox.

Regards.

[InsaneKaos]

I am currently using Virtual Box (3.1.4) and it works fine. Vbox (3.1.6) worked fine, too. But there were a problem with mbr.exe -t. Vbox crashed, so I decided to use 3.1.4.....

Here is a new TDL3dropper from 17.04.2010, try this one.

[EP_X0FF]

You can also try more recent TDL3 dropper from 19 April.
It is 3.273+ version (random driver infector), in my test it infected netbt.sys.

VirusTotal
(0/40 results)
http://www.virustotal.com/ru/analisis/0 ... 1271736715

As you see they updated packer, so all AV's generic detection again sucks.

[main]
quote=Everybody's a jerk. You, me, this jerk. That's just my philosophy
version=3.273
botid=
affid=
subid=0
installdate=20.4.2010 3:45:50
builddate=19.4.2010 22:8:11
[injector]
*=tdlcmd.dll
[tdlcmd]
version=3.74
delay=7200
servers=https://873hgf7xx60.com/;https://34jh7alm94.asia/;https://112.121.181.26/;https://61.61.20.132/;https://68b6b6b6.com/;https://1iii1i11i1ii.com/;https://0o0o0o0o0.com/
wspservers=http://lk01ha71gg1.cc/;http://zl091kha644.com/;http://a74232357.cn/;http://a76956922.cn/;http://91jjak4555j.com/
popupservers=http://zxclk9abnz72.com/
clkservers=http://mfdclk001.org/
[tasks]
tdlcmd.dll=hxxps://112.121.181.26/rDbtafVZlDjA

payload in tasks - updated tdlcmd.dll

[Gabethebabe]

Thanks a lot for the answers and the samples. I´ll try VBox 3.1.4. Looks like they have some work to do with 3.1.6 because starting up from OTLPE.iso also BSODs regularly.

0/41
:o

We will live to see the death of sig based AVs.

[EP_X0FF]

Hello all,

All Norman TDSS Cleaner related replies moved to special dedicated thread inside Software/Tools forum -> Norman TDSS Cleaner.

All offtopic posts about VirusTotal and antiviruses were moved to General Discussion forum -> VirusTotal/AV detection rate

Regards.

[fatdcuk]

Unsure if any revisions but out with Arnie and Sly...Bring on Brucey Whos is next ......place your bets!

http://www.virustotal.com/analisis/06e3 ... 1272379321

Have phun!

[EP_X0FF]

Hehe, I noticed S.Stallone few days ago =)

[EzzO]

Unsure if any revisions but out with Arnie and Sly...Bring on Brucey Whos is next ......place your bets!

http://www.virustotal.com/analisis/06e3 ... 1272379321

Have phun!

BackDoor.Tdss.based.5 - by Dr.Web

[Meriadoc]

Unsure if any revisions but out with Arnie and Sly...Bring on Brucey Whos is next ......place your bets!

http://www.virustotal.com/analisis/06e3 ... 1272379321

Have phun!

Looks like you were right

B.Willis

[EP_X0FF]

Funny mp3 from Dr.Web about TDSS/TDL3. Nothing new.

http://people.drweb.com/people/sergeyko ... 100430.mp3