I have a new TDL4 bot on my client's machine which doesn't allow me to run any tool… It cancels the launch of any anti-malware/anti-rootkit… I see a CMD window that pops up for a second or so and cancels every anti-malware tool launch.
Do you know the location of the file that launches?
Wouldn’t this need a registry edit that runs this ‘bot’ when a file is executed?
If it is a mere .bat file, then change the .bat association for the time being, so that when the .bat is run you see the code in Notepad, and the file path, instead of it being executed.
You do know how to do that, right?
This bot cancels the launch of any program… Yes, I have USB sticks, but they are of no use, as the bot wouldn't allow me to operate the USB.
Yes, I have tried many Linux-based CDs to get rid of it.
This one came to my workshop yesterday morning and I have been struggling to pick the right tool to kill it… It just cancels the launch of explorer.exe, and I am operating it in the OTLPEnet environment… The bot has exploited the OTL Linux-based environment and cancels the launch of any programs… However, I load Windows in OTLPEnet.
The OS is Vista.
I feel this is a military level based malware…
Right now, I am trying to load my KILLDISK application…
EDIT: KILLDISK loaded! Holy cra*p… Essexboy, I have bad news: this is that stupid bot that creates a fake floppy image that I have conversed with you about on PM…
Holy shit, what kind of rootkit is this??? Sooo friggin' powerful… How does anyone even create it, man? Have you tried booting into safe mode? Use SARDU and try to boot up with the Dr.Web Live CD, if the rootkit doesn't block it lah… You can prepare those things on your own machine on a CD, then try it on your customer's one… I'm just giving opinions here… Hope it works though.
According to Google searches on the TDL4 botnet, it appears to be near indestructible. Don't worry, I'm helping you to find removal tools for it… I know it blocks, but try lah.
OK dude, I think I know how to solve your problem here… Get into safe mode and download, or in any way get, GMER first, and then follow the instructions on these websites from Kaspersky and BitDefender.
You could try HitmanPro… That's all the info I can find. And get rid of the public Kad2 P2P thingy… It's how they transfer the deadly bot… I'm sorry, that's all I can help with… There are not many tools out there capable of removing this TDL4 botnet… Hope this helps. Remember to do this in safe mode.
This variant exploits safe mode and Linux environments and cancels anything from running… I will have to get this client machine back up and running by next week! Hope I find a solution soon…
OMG… I have no words to say, man. I'm sorry… In my whole entire life of malware research and prevention, I have never ever, not once, encountered a virus this powerful before… The only way to cure it is to change to a new hard drive… If the virus takes over the motherboard, then the computer or laptop should be thrown away and you should get a new one… Kaspersky saw this virus last year, June 2011… Perhaps the developers made a new one… Too good.
Very, very, very smart piece of virus indeed. Check this out… Important points: you can't boot from safe mode or CD because the TDL4 botnet somehow resides in the MBR, making it load before Windows loads, and AV scanners don't scan this area of Windows.
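The post above points at the MBR as the place a bootkit hides, so here is a way to actually look at that sector. This is an added example, not code from anyone in this thread: it parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, and hashes the 446-byte bootstrap code so it can be compared against a known-good copy taken from a clean machine with the same Windows version. The two sample sectors and the baseline hash are constructed here for illustration; they are not real Windows boot code. A bootkit that overwrites the bootstrap code but leaves the partition table alone shows up as a hash mismatch while everything else still looks normal.

```python
# Added example: inspect a 512-byte MBR sector for signs of tampering.
# Sample sectors and the baseline hash below are constructed for this
# demonstration and are NOT real Windows boot code.
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446       # bytes 0..445: bootstrap code a bootkit overwrites
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG_OFF = 510       # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of one MBR sector into a dict."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return findings


def read_first_sector(path: str) -> bytes:
    """Read the MBR from a raw device, e.g. /dev/sda or \\\\.\\PhysicalDrive0.
    Needs root/administrator rights; run this from a clean boot medium."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# --- constructed sample data (not real boot code) ---
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 7)
# one active NTFS-type (0x07) partition starting at LBA 2048, then three empty slots
PART_TABLE = (b"\x80\x20\x21\x00\x07\xfe\xff\xff" + struct.pack("<II", 2048, 204800)
              + b"\x00" * 48)
CLEAN_MBR = CLEAN_BOOTCODE + PART_TABLE + b"\x55\xAA"
# bootkit-style tampering: bootstrap code replaced, partition table untouched
TAMPERED_MBR = (b"\xeb\x1c" + b"\xcc" * (BOOTCODE_LEN - 2)) + PART_TABLE + b"\x55\xAA"

# assumed baseline: in practice take this from a known-clean install of the same OS build
BASELINE_BOOTCODE_SHA256 = hashlib.sha256(CLEAN_BOOTCODE).hexdigest()

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, parse_mbr(mbr)["partitions"], check_mbr(mbr, BASELINE_BOOTCODE_SHA256))
```

To use it on the infected box, boot from a clean CD, read the first sector with `read_first_sector`, and compare against a baseline hash taken from a healthy machine with the same Windows version; a mismatch with an intact partition table is exactly the pattern an MBR bootkit leaves. Note that this only covers the MBR itself; a bootkit can also stash its payload in unpartitioned space at the end of the disk, which this check does not look at.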
Why on earth is it on Ubuntu? O.o Just kill the whole hard drive, wipe it clean, and install a fresh copy of Windows xD. And yes, I understand the easy-to-say, hard-to-do thing, OK.