TDL4 Rootkit - Being Used As A Proxy
Uploader Comments (mrizos)
All Comments (93)
-
@12345shre Not necessarily in trouble: if the person that got hit by the rootkit has the Dr.Web boot CD or a Windows install disk, you can save your PC.
-
The stealthy TDL4 is a characteristic bot.
However, this rootkit can be removed, unless the bot master begins hacking you and breaks through your machine; then you are in trouble!
-
@longhairsRcool PART 2: So even if you think you've removed it, it's likely attached to a driver, as that's what it's designed to do, and with TDL4 it's a random driver, i.e. with kernel-level access, and it can then re-install itself. The only smart way this can be removed, as best as I know, is with a bootable live CD and knowing what to remove. That said, with infections this bad it's really probably smartest to just re-install Windows 7, honestly, and focus on stopping malware to start with.
-
Hey mrizos, security expert and computer programmer here. Just because this is partially detected by (correct me if I'm wrong) TDSSKiller doesn't mean that if you try removing the hidden drive etc. using TDSSKiller, the rootkit is gone. Being that it is a KERNEL MODE rootkit, which bypasses the kernel patching, kernel signing, and kernel code signing procedures by Microsoft, it's very hard to remove conventionally.
-
@grand433 He uses Norton Internet Security 2012 and COMODO Firewall.
-
Matt...
It is to be noted that if you have a Dell, you will have to first remove the TDL4 rootkit that has infected the MBR, then replace the faked MBR code with a standard one. But the MBR code of Dell is unique: you will have to first replace it with a standard one and then use DSRfix to get your Dell MBR back. If you don't get the custom MBR code back, you lose access to the recovery partition; no console will get the custom MBR back.
-
What is your favorite antivirus?
-
Hey man, nice vids, but I just went onto Task Manager and saw loads of svchost.exe. What shall I do?
-
Matt, when you download malware, viruses and stuff to a virtual machine on your actual PC, do you risk getting your actual PC infected?
I am a little insecure about that...
Please reply so I don't do something stupid...
-
I think this is what my brother has, but how do I get rid of it? I ran SuperAntiSpyware, Malwarebytes, and TDSSKiller, but they won't find anything; SAS just finds traces. But it is still not fixed.
Matt, do you think Comodo's sandbox or Defense+ will catch this? It is supposed to catch 99.5% of all unknown malware. Even the Comodo firewall will pick up the remote connections.
Thesaakeman 7 months ago
@Thesaakeman I'm pretty sure D+ would prevent this. I'll run a test and upload the video.
mrizos 7 months ago
Oh, forgot to add: thumbs up, good vid Matt ;)
LokiV 7 months ago
@LokiV thanks!
mrizos 7 months ago
Nice video
Serj960HD 7 months ago
@Serj960HD thx
mrizos 7 months ago