Does CIS protect against TDL4 Windows-rootkit


Security.NL [Dutch]

TDL4 rebooted [English eset.com]

mod edit: URL made click-able & additional URL added. kail

site gets blocked by secure dns?? :)

mmm tinyurl problem? pasted normal url ;D

bump

and is it?

Customer has a laptop and is cut off from the Internet by the provider because of this Trojan, Comodo does not show it!?

Was the infection there before installing Comodo, or did it come in after? If before, you could try using Comodo Cleaning Essentials to see if that can remove it. For me to test it to see if it can protect against it, I would need a sample payload to see how CIS can handle the rootkit.

was the infection there before installing comodo or did it come in after?

  • Before CIS

comodo cleaning essentials

  • it looks like this CCE only looks at the normal partitions not the TDL4 partition.

That's a bit of the problem, this is a new rootkit and no one knows how to stop or remove it.

Try using this for removal
http://www.downloadcrew.com/article/23637-bitdefender_tdsstdl4_removal_tool