Trojan\TDL3Mem-A Cleaning

Hello,

We run Sophos as our enterprise anti-virus solution. Yesterday one of our machines was found to have this trojan on it: TDL3Mem-A (http://www.sophos.com/security/analyses/viruses-and-spyware/trojtdl3mema.html). It says it needs to be manually cleaned, but the Sophos site linked does not have instructions for it.

According to the scan it has infected ntdll.dll:pid:00000ab0.

Any help offered would be greatly appreciated.

Cheers.

  • I have tried Malwarebytes. It doesn't eliminate the trojan but blocks all the websites the trojan tries to open. Could you share how you have removed it, like under safe mode? Any information is appreciated.

    My observation is that after checking startup with msconfig, one 'NvCpl' always shows up after I check it off and restart. Officially, it relates to NVIDIA video cards and I have no doubt it's infected. Additional proof is I tried to delete it in the registry and it always comes back right away. And I am 100% sure it was not there before Troj/TDL3Mem-A showed up.

    Simply deleting that video-related file may cause some trouble. I am wondering if I just reinstall the video card, will it be OK again. So far, Sophos is the only one reporting this trojan, and the customer support kicked me to the university IT because I get the software from my university. And the IT guy asked me to try AVG, Spybot, etc., none of which worked. Sigh.