Jul 5, 2011 11:53 GMT

The TDL4 malware, which features a highly sophisticated MBR rootkit, has been characterized in the news lately as indestructible, but the truth is that there are freely available tools that can remove it.

The comments of a Kaspersky Lab security expert who said that the TDL4 authors are trying to create an indestructible botnet have been misinterpreted by the press and generated panic among less technical users.

First of all, Kaspersky's Sergey Golovanov was referring to the botnet, not the malware itself, and second, he said that this was the authors' goal, not that they had succeeded.

A botnet is a group of infected computers controlled by attackers via C&C servers or other protocols and channels.

The researcher was speaking in the context of the botnet's redundancy mechanism, which is based on the legitimate Kad peer-to-peer network. This allows the botnet's authors to update it even if the C&C servers are shut down.

In addition, the botnet uses custom encryption algorithms in order to hide its communications and make it harder to detect by network firewalls.

The malware itself is also complex. It contains a rootkit component that installs itself into the master boot record (MBR) and can modify the operating system even before it loads.

It can infect both 32-bit and 64-bit versions of Windows and is one of the most sophisticated rootkits known to date. Despite this, the TDL4 bot can be removed from computers, and most major antivirus programs are capable of doing so.
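Because the rootkit lives in the MBR rather than in a file, a useful defender-side check is to compare the first sector of the disk against a known-good baseline: the 446-byte bootstrap code region is where a bootkit rewrites the loader, while the partition table and the 0x55AA signature usually stay intact so the system still boots. The following Python is an added example, not code from the article or from any of the vendors it names; the two 512-byte sectors are constructed inline (a clean baseline and a copy whose bootstrap code was altered), and in practice the bytes would come from sector 0 of the physical disk, read with administrative rights. One caveat that the article's description implies: a rootkit that is already active can filter disk reads and return the original sector, so this comparison is most trustworthy when run from clean boot media or against an offline image.

```python
import hashlib
import struct

# MBR layout: 446 bytes of bootstrap code, 4 x 16-byte partition entries, 2-byte signature.
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"
# One partition entry: status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count.
PARTITION_ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a bootstrap-code hash, decoded partition table and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PARTITION_ENTRY_FMT, sector, offset)
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return a list of findings describing how `current` deviates from the trusted `baseline`."""
    base = parse_mbr(baseline)
    cur = parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing: sector is not a valid MBR")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed test sector; used here only to fabricate sample input."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PARTITION_ENTRY_FMT, sector,
                         PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN,
                         status, ptype, lba_start, count)
    sector[SIGNATURE_OFFSET:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: the byte strings are placeholders, not real loader code.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0" + b"\x90" * 40
TAMPERED_BOOT_CODE = b"\xeb\x3c\x90" + b"\x90" * 40
# A single bootable NTFS-type (0x07) partition starting at LBA 2048.
ONE_PARTITION = [(0x80, 0x07, 2048, 204800)]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, ONE_PARTITION)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, ONE_PARTITION)


def demo() -> list:
    """Check the tampered sector against the clean baseline."""
    return compare_mbr(CLEAN_MBR, TAMPERED_MBR)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The partition table comparison is kept separate from the bootstrap-code hash because the two tell a different story: a bootstrap change with an unchanged partition table is the signature of a loader being replaced in place, whereas a changed partition table more often reflects legitimate repartitioning, and a baseline should be re-taken after any such administrative change.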

In addition, security companies have released stand-alone TDL4 removal tools that anyone can use for free without the need to replace their current antivirus program.

One of the companies that provide such an application is BitDefender. Its TDL4 removal tool is offered in both 32-bit and 64-bit versions. Kaspersky Lab also has a TDL4 cleaner dubbed TDSSKiller.