Reading an article on CNET: http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/?tag=mncol;txt
Just wondering if McAfee have released any official document on this. Any info from McAfee will be appreciated.
Moved to Malware Discussion > Home User Assistance for better attention, although I see you previously posted in Business some time ago.
Message was edited by: Ex_Brit on 01/07/11 4:29:48 EDT PM
I've also been reading a lot about this over the past few days. McAfee seems pretty confident that TDL3 and TDL4 rootkit infections will be cleaned by a normal scan if you have the latest DAT file: there was a blog article a little while ago that dealt with this subject - "Memory Forging Attempt by a Rootkit" (April 21st, by Rachit Mathur). Read it and see what you think - I'm waiting for someone who's been infected to come back and say that McAfee took care of the infection.
Looks as though McAfee only works Mon-Fri 0900 > 1700. The BBC site in the UK and Computer Weekly site are saying TDL-4 is 'indestructible' - I guess we McAfee subscribers can rest easy - as a search for TDL-4 on the McAfee site produces no results, and postings about McAfee's position on TDL-4 produce no responses. Either they aren't worried about TDL-4 - unlike the rest of the world - or they have our money so we can (fill in your own expletive).
Support is there 24x7x365 and we don't sell enterprise products without a support license, so if you have an urgent query I'd recommend picking up the phone.
TDL-4 is not our detection name, which is why you can't find it referenced in the VIL.
According to research we have detection coverage for this as TDSS!c. The repair can be complex so if you do find an issue again I would always recommend calling us for assistance.
Hope this helps,
Yep! McAfee has detections for over 50 variants and I have even personally seen it detect and clean with a normal On-Demand scan. (It will tell you if a rootkit is installed and may want to reboot to finish cleaning the system.)
You can view all our detections for TDSS here:
Here's a screenshot of a variant that was detected: