[B-boy/StyLe/]

Is TDSSKiller updated to deal with it ?
Thanks !

[Blitskrieg]

Is TDSSKiller updated to deal with it ?
Thanks !

Yes, of course.

[B-boy/StyLe/]

Hi Blitskrieg,


Thanks - good to know that.

[EP_X0FF]

TDSS Bootkit Spawns Clones

[kmd]

any additional tips for removal in n00bs style? :D :mrgreen:

[rkhunter]

/fixboot /fixmbr will not help you, coz bootstrap code not patched, as I know. LiveCD is only way :(

[EP_X0FF]

any additional tips for removal in n00bs style? :D :mrgreen:

Using Paragon Partition Manager BootCD as example (Russian lang). There is also manual recovery from different OS/PC but I will skip this.

1. Boot from CD



2. Run Partition Manager, see MaxSS allocated partition set as active and main Windows partition without "Active" flag.



3. Set your Windows partition to be "Active" so OS can boot from it.



4. Delete rootkit allocated partition or unset it "Active" flag.
Note if you unset flag you can delete this partition later through Windows Computer Management -> Disk Management Console.



5. Confirm changes and reboot to boot normally from harddisk



WARNING.
MBR write operations are unsafe. Make sure you have backup of all your really important data before changing anything.

[CloneRanger]

@ EP_X0FF

Really useful/helpful advice etc about using PPM :) Thanks

[kareldjag/michk]

hi,

Another DRACULA for TDL4 family from BitDefender:
http://www.malwarecity.com/community/in ... howfile=43 32 bit
http://www.malwarecity.com/community/in ... howfile=44 64bit

As pointed out by Kamarade EP_XOFF, MBR and disk tasks in general requires a non live system...as in real life with chirurgial tasks!
And Linux live CD (forensics) can also be helful.

Regards

[NarfBang]

Hey all,
Does anyone have a family tree of TDSS and its progeny?
I'm interested in the timelines and history of how this family is evolving.
Cheers if ya want to move this post to a different thread.