A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #1757  by SecConnex
 Wed Aug 04, 2010 6:00 pm
Apparently, Greatis product RegRun Warrior can detect and possibly remove TDL3 infection.

I have not tried. I hope someone else can.

The tool: http://www.greatis.com/security/RegRun_Warrior.htm


Note: I have seen many malware blogs from them showing a file infected by TDL3, and in the blog it shows it was detected by RegRun Warrior. Also, their tool UnHackMe might be claimed to detect TDL3 as well.

Also, this comment on the RegRun Warrior page bothers me:
"1. Virus removal is a simple when the virus is not active. The Warrior allows you to scan your computer from the "clean" Windows PE system."
 #1789  by EP_X0FF
 Thu Aug 05, 2010 5:30 am
This fake is paid; TDL3 "detection" is based on checking for the presence of a mutex:
3006345f-6baf-4669-a7e1-aaa310564be9
This is not detection, this is a total fake. Interesting what will happen if I create a mutex with the same name on a clean system? TDL3 infection verdict? :mrgreen: Apparently you don't need buggy paid sh*t from Dmitri Sokolov to remove TDL3 while the system is _offline_. There is nothing to fix in the registry.
There are a lot of free trustworthy tools for detection/removal of TDL3 available.
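The point made above, that a detection built on "is a named mutex present?" can be flipped by any process that creates the same name, can be seen on a live Windows session with a few lines of PowerShell. This is an added example written for this page, not code from RegRun Warrior or from the poster; it assumes the tool looks the name up in the session-local object namespace (no `Global\` prefix), which is an assumption, since the thread does not say which namespace is checked.

```powershell
# Added example (not from the thread): demonstrate why mutex-name presence
# is a weak infection indicator. Runs on a live Windows session.
# The name is the one quoted in the thread above.
$MutexName = '3006345f-6baf-4669-a7e1-aaa310564be9'

function Test-NamedMutex {
    # Returns $true if a mutex with this name exists in the caller's session
    # namespace (the namespace the checked tool is assumed to use).
    param([Parameter(Mandatory)][string]$Name)
    try {
        $m = [System.Threading.Mutex]::OpenExisting($Name)
        $m.Dispose()
        return $true
    }
    catch [System.Threading.WaitHandleCannotBeOpenedException] {
        return $false
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists but we lack rights to open it: still "present".
        return $true
    }
}

"Before:   mutex present = $(Test-NamedMutex -Name $MutexName)"

# Any unprivileged process can create a named mutex in its session namespace.
# $createdNew tells us whether we made it or merely opened an existing one.
$createdNew = $false
$holder = New-Object System.Threading.Mutex($false, $MutexName, [ref]$createdNew)
"Created by this script: $createdNew"
"While held: mutex present = $(Test-NamedMutex -Name $MutexName)"

# Release it; the "infection" indicator disappears with the process that owned it.
$holder.Dispose()
"Released: mutex present = $(Test-NamedMutex -Name $MutexName)"
```

Two things follow from the output. First, the indicator goes from absent to present to absent again purely because a harmless script created and then released a kernel object, so presence alone cannot distinguish an infection from any other process that uses that name. Second, a named mutex only exists while a process in the running session holds it, so a scan performed from a separate "clean" Windows PE environment, where the infected system's processes are not running at all, has nothing of this kind to find; a check like this can say nothing about a system being examined offline.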