Somebody wants to call? :D
Ring0 - the source of inspiration
A forum for reverse engineering, OS internals and malware analysis
EP_X0FF wrote: It can't detect/remove TDL3. Actually all what it was able to detect - mapped tdlcmd.dll as BackDoor.Tdss.565

Yeah, you're right, this version of the rootkit contains pieces of code aimed exactly against the DrWeb solution ;)
EP_X0FF wrote: There seems to be some stealth TDL3 update we missed :D

Does anyone have a dropper to share?

erikloman wrote: hjwbxhqr.cn/21/download.php?expid=4&fid=1
[main]
quote=Everybody's a jerk. You, me, this jerk. That's just my philosophy
version=3.273
botid=55045ff5-72b5-4a95-8c6b-5e958b314602
affid=20743
subid=0
installdate=2.6.2010 11:7:48
builddate=1.6.2010 22:22:23
rnd=448539723
[injector]
*=tdlcmd.dll
[tdlcmd]
servers=https://li1i16b0.com/;https://19js81030 ... n4cx00.cc/
wspservers=http://7gafd33ja90a.com/;http://n1mo661 ... 3kjf7.com/
popupservers=http
version=3.82
Thanks,

.rdata:00403130 String db 'Indestructible.',0Ah ; DATA XREF: start+5F1
.rdata:00403130 db 'Determination that is incorruptible.',0Ah
.rdata:00403130 db 'From the other side.',0Ah
.rdata:00403130 db 'A terror to behold.',0Ah,0
.rdata:0040318F align 10h
.rdata:00403190 aKasperskyAvSux db 'Kaspersky AV Suxx :) and so others are',0
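The config.ini quoted earlier in the thread is, in practice, where the bot ID, affiliate ID, injector mapping and the command-server lists live, so the first job with a recovered config is to pull those fields out for triage and blocklisting. What follows is an added example, not code from the thread or from any of its posters: a tolerant reader for that [main]/[injector]/[tdlcmd] layout. The sample config is constructed with placeholder domains and a zeroed bot ID, and it deliberately reproduces the "..." truncation and the cut-off popupservers line seen in the posted lists, so that such entries are flagged for manual review instead of being turned into bogus indicators.

```python
"""Extract triage indicators from a TDL3-style config.ini.

Added example; SAMPLE_CONFIG is constructed and mirrors the section layout
quoted in the thread, with placeholder hosts and a zeroed bot ID.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample. The "..." entry and the bare "http" value mimic the
# truncation visible in the posted config and must not become indicators.
SAMPLE_CONFIG = """\
[main]
quote=Everybody's a jerk. You, me, this jerk. That's just my philosophy
version=3.273
botid=00000000-0000-0000-0000-000000000000
affid=20743
subid=0
installdate=2.6.2010 11:7:48
builddate=1.6.2010 22:22:23
rnd=448539723
[injector]
*=tdlcmd.dll
[tdlcmd]
servers=https://c2-a.example/;https://c2-b ... x.example/
wspservers=http://wsp-a.example/;http://wsp-b.example/
popupservers=http
version=3.82
"""

SERVER_KEYS = ("servers", "wspservers", "popupservers")


def parse_ini(text: str) -> dict[str, dict[str, str]]:
    """Minimal INI reader: [section] headers and key=value pairs, first '=' wins.

    Lines with no '=' (e.g. cut-off dump output) are skipped rather than raising,
    which is why this is used instead of configparser for recovered material.
    """
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def split_servers(value: str) -> tuple[list[str], list[str]]:
    """Split a ';'-separated server list into host names and unusable entries.

    An entry is unusable if it carries a '...' truncation marker or does not
    parse as a URL with a scheme and host (e.g. a cut-off 'http').
    """
    hosts: list[str] = []
    unusable: list[str] = []
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue
        parts = urlsplit(entry)
        if "..." in entry or not (parts.scheme and parts.hostname):
            unusable.append(entry)
        else:
            hosts.append(parts.hostname)
    return hosts, unusable


@dataclass
class TdlIndicators:
    main_version: str
    cmd_version: str
    botid: str
    affid: str
    subid: str
    injector_targets: dict[str, str]
    servers: dict[str, list[str]] = field(default_factory=dict)
    unusable: dict[str, list[str]] = field(default_factory=dict)


def extract_indicators(text: str) -> TdlIndicators:
    """Pull the identity fields, injector mapping and server lists from a config."""
    cfg = parse_ini(text)
    main = cfg.get("main", {})
    cmd = cfg.get("tdlcmd", {})
    ind = TdlIndicators(
        main_version=main.get("version", ""),
        cmd_version=cmd.get("version", ""),
        botid=main.get("botid", ""),
        affid=main.get("affid", ""),
        subid=main.get("subid", ""),
        injector_targets=dict(cfg.get("injector", {})),
    )
    for key in SERVER_KEYS:
        if key in cmd:
            ind.servers[key], ind.unusable[key] = split_servers(cmd[key])
    return ind


def blocklist(ind: TdlIndicators) -> list[str]:
    """Deduplicated, sorted host list suitable for a DNS or proxy blocklist."""
    return sorted({h for hosts in ind.servers.values() for h in hosts})


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_CONFIG)
    print(f"bot {ind.botid} affid {ind.affid} "
          f"main v{ind.main_version} tdlcmd v{ind.cmd_version}")
    print("injector:", ind.injector_targets)
    print("blocklist:", blocklist(ind))
    print("needs manual review:", ind.unusable)
```

The hand-rolled reader is used on purpose: configparser raises on a line without a delimiter, and recovered configs are often cut off mid-line. Keeping the unusable entries separately (rather than silently dropping them) gives the analyst a list of what still needs to be recovered from memory or the original sample.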