
Trojan\TDL3Mem-A Cleaning

Hello,

We run Sophos as our enterprise anti-virus solution. Yesterday one of our machines was found to have this trojan on it: TDL3Mem-A (http://www.sophos.com/security/analyses/viruses-and-spyware/trojtdl3mema.html). It says it needs to be manually cleaned, but the Sophos site linked does not have instructions for it.

According to the scan it has infected ntdll.dll:pid:00000ab0.

Any help offered would be greatly appreciated.

Cheers.

  • Detlev has a point, unless you know the exact variant that got on your machine you don't know exactly what has changed.

    But as long as you remove the malicious content, the machine is yours again and you can reverse any changes generally made (things to stop you using the machine normally).

    TDL3 is a crazy rootkit with ongoing development and it really depends on the variant of it as to whether any current cleanup tool/av will clean it. There is a specific bug fix (from TDL3 coders) that "fixed" the TDSSkiller cleanup. (I don't follow their cleanup tool, so not sure what variants it will clean)

    Like all malware it's an ongoing chase.

    At the moment we prefer to let people contact support so we can handle it correctly and safely.

    OD
