NEWS ARCHIVE
29.04.2010 TDSS REMOVER REPORT + UPDATE
1. A quarterly report (2010 Q1) of TDSS Remover usage and TDSS-related activity in the wild will be published in the Virus Bulletin Magazine, May 2010.
2. TDSS Remover version 1.7.5.1 released.
Major updates:
- successful disinfection of the latest TDSS malware (TDL 3.273)
- added a tool to decode the rootkit's encrypted file system.
07.03.2010 TDSS REMOVER UPDATE
TDSS Remover version 1.7 released.
New features since version 1.6:
- successful disinfection of the latest TDSS malware (TDL3.27)
- no more VMProtect (smaller file size, fewer antivirus false positives, happier reversers :))
- "/uninstall" command line option
- "Scan at VirusTotal.com" context menu option
- a panel with links.
25.11.2009 TDSS REMOVER UPDATE
Rootkit.Win32.TDSS Remover version 1.6 released.
New features:
- disinfection of the TDL3 rootkit
- saving found objects to a custom folder
- optional sending of statistics and infected objects to our server.
02.11.2009 NEW ARTICLE
Virus Bulletin Magazine, November 2009: DETECTING BOOTKITS.
Alisa Shevchenko and Dmitry Oleksiuk decided to find out whether anti-virus software has learned to cope successfully with Mebroot and MBR infectors in general a few years after the first appearance of this type of malware.
Link for VB subscribers
01.10.2009 NEW ANTIVIRUS TOOL
A free antivirus tool providing generic detection and disinfection of all known and unknown bootkits (such as Sinowal/Mebroot/MaosBoot, Stoned Bootkit etc.) is released.
Read more or download the archive
03.08.2009 TDSS REMOVER TECHNOLOGY PAPER
"Everybody lies: reaching after the truth while searching for rootkits"
Virus Bulletin magazine, August 2009
The article covers a trivial and efficient, yet widely unused, method of revealing rootkit-hidden objects. The described method is part of the TDSS remover technology.
31.07.2009 TDSS REMOVER UPDATE
New in version 1.4: improved hidden files scan, added full Windows 7 support. Minor bugs fixed.
Download TDSS remover v1.4
23.06.2009 NEW OPEN SOURCE TOOL
IOCTL Fuzzer - a fuzzing utility for vulnerability assessment of Windows drivers.
Download the archive
Read more at the Projects page
Browse source at Google code.
08.06.2009 NEW ANTIVIRUS UTILITY RELEASE
01.05.2009 NEW ARTICLES PUBLISHED
"CASE STUDY: TDSS ROOTKIT"
Virus Bulletin magazine, May 2009
"ADVANCED MALWARE TECHNIQUES 2008"
Virus Bulletin magazine, January 2009
04.04.2009 SPEAKING AT RUSCRYPTO'2009
On April 4 we will be speaking at Ruscrypto, a Moscow-based security conference. We will be discussing methods of defeating software protection by means of bypassing techniques (Alisa) and vulnerability exploitation (Dmitry).
upd. presentations are available in Russian.
