Unknowingly, Microsoft was able to clean a lot of computers that were infected by the TDL3 rootkit (aka TDSS aka Alureon), although the method was pretty drastic: when users installed the Windows patch, their computer was unable to boot and had to be restored.
Microsoft recently confirmed that the latest Windows XP crashes were caused by a rootkit called Alureon.
After the patch was released, the authors of the rootkit modified their code and updated their users, but apparently they lost a lot of users.
We currently see a significant reduction in the number of users that are infected by this rootkit and use Hitman Pro to clean their PC. Since mid-January, about 15-20% of the infected Hitman Pro users were infected by this rootkit (TDL3 aka TDSS aka Alureon). After February 10 (when the Windows patch was released) this dropped to below 10%.
Interesting detail: of all the TDL3-infected systems, more than 75% are using an up-to-date antivirus program. Nearly all antivirus programs are still unable to detect a TDL3 rootkit infection.
The TDL3 rootkit authors have fixed their incompatibility with Microsoft’s MS10-015 patch: as can be seen in the right corner of the graph, the rootkit is on the rise again.