TDL-4 Botnet Threat

Discussion in 'Computer Science & Culture' started by KilljoyKlown, Jul 7, 2011.

Thread Status:
Not open for further replies.
  1. KilljoyKlown Whatever Valued Senior Member

    Messages:
    6,493
    I'm not sure about this threat, but this article doesn't give me a very warm fuzzy feeling of being safe on my computer. Does anybody here know more about this than the article went into?

    http://www.popsci.com/node/55242/?cmpid=enews070711

    Plus two comments I thought interesting or useful.

    lohengrim

    it's funny how many computer viruses can actually be manufactured by antivirus employees themselves working on the sly..
    it's not a very new marketing strategy anyway, manufacturing diseases and then selling us the cure..
    some of the virus makers might even come from the folks who created the OS themselves. given their familiarity with the vulnerabilities of their own system.
    and at the same time, these are the same folks we rely upon to give us the cure.
    or perhaps it's just part of a bigger marketing strategy or perhaps even their own political agendas.. (ie: what was the purpose of attacking Pirate Bay anyway? if not political)
    so my question is.. who watches the watchmen?
    it's just obvious that viruses will continue to exist for as long as we don't adopt transparency and open source.

    Alkane

    The rootkit is easy to remove, especially if there were no modifications made to the system and this method applies if all other removal methods failed. Using the recovery disc from Microsoft and command prompt commands seems to fail to clear the MBR completely.
    Download MBRTool.exe and burn a copy on a blank CD.
    Print out a copy of the manual that comes with the MBRTool, it will be handy later.
    Download a recovery disc from Microsoft for a corresponding operating system.
    Restart your computer and boot into the CD.
    Follow the instructions on the screen and the manual and view the MBR record.
    Wipe the entire MBR record.
    View MBR record to make sure there is nothing but zeros.
    Remove the MBRTool disc and insert Windows Recovery disc.
    Run Startup Recovery.
    Windows will be able to start but not completely boot.
    Remove the disc, and now run Startup recovery from the Windows menu.
    After it finishes - restart and the rootkit is gone.
    I hope it helps.
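
Added example (not part of the original post or the quoted comment): the "view the MBR record" check from the steps above, done in Python on a 512-byte dump of the first disk sector. The function names and the sample sector are constructed for illustration, and the code assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, then the 0x55 0xAA signature).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446      # bytes 0..445 hold the bootstrap code
SIGNATURE_OFFSET = 510   # bytes 510..511 hold the boot signature


def inspect_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR dump so it can be checked or compared later."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_END]
    partitions = []
    for slot in range(4):
        start = BOOT_CODE_END + 16 * slot
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "all_zero": not any(sector),
        "boot_code_zero": not any(boot_code),
        # Hash of the boot code area, useful for comparing against a later dump.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code and one bootable type-0x07 partition."""
    boot_code = b"\xeb\x3c\x90" + b"\x00" * 443
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    for name, sector in (("sample", build_sample_mbr()), ("wiped", bytes(SECTOR_SIZE))):
        print(name, inspect_mbr(sector))
```

A sector that reads back as all zeros also reports no partitions and no boot signature, because the partition table lives in the same 512 bytes as the boot code.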
     
  3. chimpkin C'mon, get happy! Registered Senior Member

    Messages:
    4,416
    I'd often wondered if they were doing that, but thought..."Sometimes, Chimpy, you are a bit more paranoid than warranted."

    I should stop thinking that.
     
  5. KilljoyKlown Whatever Valued Senior Member

    Messages:
    6,493
    Could be you're not paranoid enough. But either way what could most of us do about it? I have my virus checker and if that's not good enough I'm screwed.
     
  7. Rhaedas Valued Senior Member

    Messages:
    1,516
    Just use common sense and do the thing that most people don't do, especially the ones that get infected. Have a boot AV cleaner handy as well, just in case. Back up. Change passwords, don't use the same on every place, and make sure they're strong ones, not simple words or numbers. Oh, and back up.

    Looking at some of the major AV companies, I don't see this on the scope of current threats. It's out there, sure, even the old viruses are still around, they just get stopped easily by those who actually protect their PC. But this particular one has been out since 2008 or so, we're just seeing a newer version. If you do get hit by it, if you have a boot scanner CD ready, it'll be an annoyance. The biggest problem I see is how it hides by NOT causing problems, but if you make a point of doing deep scans and boot scans every now and then, those will find it.
     
  8. KilljoyKlown Whatever Valued Senior Member

    Messages:
    6,493
    That's very good advice, but you don't really expect many people to be that prepared, do you? I'm worried about all the problems the already compromised PCs might cause on short notice. I don't really think like a criminal or terrorist, but I can imagine what they might do with almost 5 million PCs under their control.
     