A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #796  by IndiGenus
 Tue Apr 20, 2010 5:34 pm
djpnuemo wrote: FYI

Ran Dr.Web CureIt (downloaded today) and scanned the infected test system (used sample from http://www.kernelmode.info/forum/viewto ... p=779#p779). It found the pciide.sys infection (cured it about 12 times) and prompted for reboot. Upon reboot, the infection is gone (confirmed with RkU and GMER).

Did you run CureIt from within the running system, or with the Live CD?
 #801  by djpnuemo
 Tue Apr 20, 2010 7:31 pm
IndiGenus wrote:
djpnuemo wrote: FYI

Ran Dr.Web CureIt (downloaded today) and scanned the infected test system (used sample from http://www.kernelmode.info/forum/viewto ... p=779#p779). It found the pciide.sys infection (cured it about 12 times) and prompted for reboot. Upon reboot, the infection is gone (confirmed with RkU and GMER).
Did you run CureIt from within the running system, or with the Live CD?

Within the running system, not using any CD.

I've infected it again and am running it a second time atm and will update this post with results.

Boooooo wrote: Confirmed even by TDSSKiller utility by Kaspersky?

Yes.
 #851  by EP_X0FF
 Fri Apr 23, 2010 1:48 pm
Hello,

Recent posts about Dr.Web CureIt! have been moved to a separate topic: Dr.Web CureIt! vs TDL3

Regards.