TDL3 « Webroot Threat Blog

TDL3 and ZeroAccess: More of the Same?

August 8, 2011 – 4:54 pm

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is [...]

By Marco Giuliani | Posted in Botnet activity, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Threat Research, Uncategorized | Tags: Max++, TDL3, TDSS, ZeroAccess | Comments (3)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Posted in Advanced Malware Removal, Backdoors, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Tags: Chun Feng, IRP_MJ_INTERNAL_DEVICE_CONTROL, Master Boot Record, MBR, MBR infection, Mebroot, Microsoft, Popureb, Popureb.E, ransomware, ROL 0x73, ROR 0x73 FTW, SRB_FUNCTION_EXECUTE_SCSI, TDL3, TDL4, TDSS, Whistler, _allmul | Comments (9)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com