[EP_X0FF]

They closing Dogma Millions and stopping payments. This means TDL3 is going to history and they working on a new project likely. However this can be fake. Will see result in October.

[Buster_BSA]

Sandboxie, Bufferzone, Returnil and VM's etc are OK for some malware samples but a lot are aware of such and won't run or only half run.

I want to see a malware being aware of Sandboxie when LOG_API.DLL and HideDriver are being used. ;)

[Jaxryley]

I want to see a malware being aware of Sandboxie when LOG_API.DLL and HideDriver are being used. ;)

With Sandboxie I meant the exploits that need to drop a rootkit.sys which Sandboxie doesn't allow.

Other than for rootkits Sandboxie/BSA/HideDriver is my main testing environment.

[SecConnex]

Hi.

I have just stumbled across a tool that claims to remove TDL3: http://www.at4re.com/download.php?view.28

[GamingMasteR]

Hi,

This is not new, it's been published before this topic start .
http://www.kernelmode.info/forum/viewtopic.php?t=244

Didn't test vs. recent TDL3+ version .

[SecConnex]

I know...I saw the date and said July 4.

[EP_X0FF]

ESET published some sort of article :) "They" found new TDL in the end of august, while it was discovered in the beginning.

ru version of post
http://habrahabr.ru/company/eset/blog/103249/

[nullptr]

Good to see that ESET is on the ball. :lol:

[EP_X0FF]

By the way, ESET antirootkit (ala SysInspector) is totally unable to detect any kind of working TDL3/4 as well as AV scanner, x64 version also.
"Vitalik" posted fake as always :)

[Buster_BSA]

I doubt SysInspector can be considered as a rootkit detector.