Trojan\TDL3Mem-A Cleaning

Hello,

We run Sophos as our enterprise anti-virus solution. Yesterday one of our machines was found to have this trojan on it: TDL3Mem-A (http://www.sophos.com/security/analyses/viruses-and-spyware/trojtdl3mema.html). It says it needs to be manually cleaned, but the Sophos site linked does not have instructions for it.

According to the scan it has infected ntdll.dll:pid:00000ab0.

Any help offered would be greatly appreciated.

Cheers.

  • An update on this nasty infection: TDSKiller now does absolutely nothing for it.

    Malwarebytes will remove some of the tag-alongs, but it comes right back.

    Still waiting for Sophos to get back with me. The older Sophos tool that worked for me several months ago didn't work this time.

    I'm hoping they have an updated version of the tool.

  • Hello J-Rob,

    Any news? Looks like the current version of the tool is about three weeks old - did it help?

    Christian

  • I suggest you read down a few posts. Unfortunately it seems we just have to reinstall.

    I was just infected by a nasty Trojan with the name Gbwb#Qf ̀lufqz. [There is a small symbol after the Qf.] It masqueraded as a free clean-up utility, running through wuauclt.exe. It stripped my PC from being able to access Restore or from using Task Manager. After a few minutes it masked all my files and even started giving me phoney RAM and HDD error messages. It's very well written and looks lethal. I did not follow any of its instructions.

    All I got from a Sophos scan was suspicious activity "HIPS/RegMod-009"

    Sophos also quarantined an item where the only action I could take was to "authorize" it to load!

    Not so happy with Sophos after this.

    BTW, it infected through a Bell Wi-Max Modem.

    My PC (running Windows XP SP3) is in the shop. Luckily I had done a complete backup July this year.