TDL4 Rootkit Video – Being Used as a Proxy

In this video you get to see how the TDL4 rootkit uses your PC as a proxy server.  The tools used in this video are Comodo Cleaning Essentials and the Windows Task Manager.


54 Responses to TDL4 Rootkit Video – Being Used as a Proxy

  1. Anakin July 13, 2011 at 1:45 am #

    Most rootkits go unnoticed. Rogues typically stop exe’s from running. Good video but I wouldn’t trust Comodo with a 10 foot pole.

  2. malwarekilla July 13, 2011 at 2:17 am #

    @Anakin – even constant moderate svchost cpu is pretty much a dead giveaway. As far as Comodo goes I suppose you could get some “way advanced” piece of malware past it, but I haven’t encountered that yet.

  3. Anakin July 13, 2011 at 2:40 am #

    svchost and iexplorer.exe are always dead give away. Slow browsing is another dead give away of a rootkit.

  4. Dan July 13, 2011 at 3:12 am #

    Pretty sure the only reason you don’t trust Comodo Dieselman is because of your unfounded hatred for languy99. But if that’s not the reason, then please entertain me with what you feel is better security software and why Comodo can’t handle anything.

    Thanks for the great video, Matt. I’ll add your channel to my list of recommended channels since your videos can be invaluable for an infected user, or those who just don’t know enough about antivirus software to make an informed decision.

  5. malwarekilla July 13, 2011 at 3:37 am #

    @Anakin – True. Slow browsing too…incredibly slow. My router stopped responding at 1 points.

    @Dan – thanks for the Compliments Dan. I don’t know who languy99 is, but I too would like to know where Comodo’s weak parts are just so I don’t look like an ass (on the net or at a client). Thx.

  6. Warwagon July 13, 2011 at 4:12 am #


    languy99 is a guy who also does a lot of prevention tests on youtube. He pushes them out quite often. I watch your videos and his video.

    I think everyone after watching your video, went and got that app and checked their connections.

  7. wasgij6 July 13, 2011 at 4:15 am #

    i am a big supporter of comodo
    there arent to many weaknesses. the biggest on is probably the trusted vendor list. if a company is on the TVL and decide to start serving adware it will bypass comodo but comodo users are constantly reporting these malware and they get fixed very quickly. Also v6 is in the makings and virtualisation is coming to the auto sandbox for some apps. iv been using cis for about 2 years and havent been infected once so its a great suite

  8. wasgij6 July 13, 2011 at 4:17 am #

    also languy99 is a moderator at the comodo forums and he also makes antivirus videos like you do

  9. Casey July 13, 2011 at 5:43 am #

    Not to mention he always tries to make Norton look bad.

  10. Warwagon July 13, 2011 at 5:54 am #


    Well I saw one review he did of Norton where it caught everything. He had good things to say about it.

  11. wasgij6 July 13, 2011 at 7:23 am #

    he doesnt try to make it look bad, it does that to itself.

  12. Anakin July 13, 2011 at 10:03 am #

    My dislike for Comodo has nothing to do with Languy99. He is a dumb ass little kid who has his nose shoved up Melih’s ass so far it pathetic. No where have I ever hated Comodo. Its there way of thinking I dislike and the fact that Melih thinks he is the King. Default/Deny. Whatever.

  13. Anakin July 13, 2011 at 10:13 am #

    FYI Matt. Languy99 makes YouTube videos by the hundreds. He has often poked fun at you. His links are pretested and never copied and pasted live. He makes all his videos so that Comodo comes out on top. he has everyone fooled into thinking he actual knows about computers and removing malware. But if you watch his videos closely you will realize that he knows nothing.

  14. Tom July 13, 2011 at 12:05 pm #

    Usefull video Matt… cheers.

  15. Christos July 13, 2011 at 1:00 pm #

    @Anaking Althrough we certainly don’t agree on some posts. You are 100% right about languy, no matter what happens COMODO comes on top, and if you watch closely he can’t deal with pretty simple issues that take like a second for anybody to fix, or they are so simple even an average guy could do it. How are people trusting him anyways? I am watching his videos to see if anything new comes out that will be fair and not involving comodo. Even the android security test had COMODO in it, althrough COMODO hasn’t yet released a mobile version of their security product. He is Melih’s lover…..

  16. Warwagon July 13, 2011 at 4:09 pm #

    @Anakin @ Christos

    I also love how he keeps testing the AV’s prevention once the AV misses a piece of a piece of malware and it gets onto the system which could mess with the antivirus’s detection of the other links he is trying. I think if one gets through, just revert the machine back to a clean state and start testing again.

  17. ZOU July 13, 2011 at 5:01 pm #

    Thanks for your hard work, Matt. We all appreciate it very much. My education started with you a couple of years back. I have not been the same since. lol

  18. Henk (Crete Greece) July 13, 2011 at 6:28 pm #

    Same as for Zou.
    My education here in Greece started by watching your vids. Due to this I’m now confident enough to help people out with contaminated computers.

    Please continue and educate us out there in the field.

    Thanks from a very warm Greece

  19. estechguy July 13, 2011 at 9:47 pm #

    @Matt – this is languy99:

  20. CircuitGuy July 14, 2011 at 12:05 am #


    Matt, sorry for this off-topic comment, but the forums are a mess right now. Please get rid of Dieselman to give the forums a chance. It should have been done a long time ago.

  21. Roni July 14, 2011 at 1:25 am #

    Seriously, Dieselman is really annoying. He thinks hes superior to everyone, he treats people like trash, he is never helpful and he is so arrogant. He just destroys any helpful topics in the forums. Please ban him or remove him or something.

  22. malwarekilla July 14, 2011 at 1:34 am #

    After way too many complaints and warnings I had to ban Dieselman. He was way too abusive to members and I’m sorry about that. I’m also sorry he couldn’t chill out and have a little fun because he’s pretty knowledgeable.

  23. ryan July 14, 2011 at 1:37 am #

    He was mean and made mostof our members leave hopfully we will re-build the forums.

  24. Kevin July 14, 2011 at 1:37 am #

    That’s nice Matt. Both the video and the fact you banned Dieselman.

  25. CircuitGuy July 14, 2011 at 1:38 am #

    Thanks Matt. It had to be done. Hopefully the forums will make a comeback thanks to this.

  26. malwarekilla July 14, 2011 at 1:47 am #

    I have disabled registration and removed all the mods except myself. I need to do a few upgrades and reorg the forums a bit. I want to create a friendly place where knowledge is shared from all walks of life. Period.

    Also, let this be a warning to anyone else…I will no longer tolerate personal attacks on members. I hate to be mr banner, but I’ll do it with a passion if it comes down to that.

    I mean really….this is a site about anti-malware. If you’re personally insulting others over malware/anti-malware then you need some serious mental help!

  27. ryan July 14, 2011 at 1:49 am #

    Thanks matt 🙂

  28. ZOU July 14, 2011 at 1:51 am #


    You have my full support and cooperation. I know you had to make a tough, necessary decision. I have always had respect for you. I have always quietly, and sometimes openly, cheered for you. Thanks again for all that you do. You are very important to us. Your continued success is imminent.

    Truly yours,


  29. ZOU July 14, 2011 at 1:52 am #

    Go Cards!

  30. malwarekilla July 14, 2011 at 1:54 am #

    @ZOU – thank you my friend, I truly appreciate your support.

  31. malwarekilla July 14, 2011 at 1:54 am #

    oh and yes, go Cards!!!

  32. ryan July 14, 2011 at 2:04 am #

    I support you to matt good luck with re-building the forums.

  33. Dan July 14, 2011 at 2:05 am #

    How are the cardinals doing this season, actually?

  34. ZOU July 14, 2011 at 2:06 am #

    Note to All: If you know, or think, it is Dieselman, please do not provoke, transmit, or respond.

  35. Tomo172 July 14, 2011 at 2:24 am #

    Great to hear Matt. I wish you the best of luck!

  36. ZOU July 14, 2011 at 3:04 am #


    Pretty good, especially considering all of the injuries. I think we are tied for first place right now. Our bullpen is a mess though.

  37. malwarekilla July 14, 2011 at 3:18 am #

    You from STL ZOU?

  38. ZOU July 14, 2011 at 3:22 am #

    Grew up 75 miles SSW of St. Louis. I have a lot of family from Columbia and Springfield. I used to love going to St. Louis when I was a kid. We made many trips there.

  39. ZOU July 14, 2011 at 3:24 am #

    I love St. Louis. It is a great place. I have met some really down to earth people there, especially at the ballpark. I am Show-Me-State all the way baby!

  40. ZOU July 14, 2011 at 3:26 am #

    I grew up listening to the U-Man, Radio Rich, Smash, Steve Mitchell, J.C. and all those crazy KSHE personalities.

  41. ZOU July 14, 2011 at 3:29 am #

    I have lived in Kentucky for quite a few years now. I remember home like it was yesterday though. I still listen to KMOX on the way to work all the way out here near Lexington (usually crystal clear), if you can believe it. My truck has an excellent AM radio.

  42. malwarekilla July 14, 2011 at 3:29 am #

    Yeah, lot’s of down to earth people around here. We love it, even though it’s super hot and super humid (or freezing…).

  43. Dan July 14, 2011 at 3:34 am #

    Maybe we’ll get to see a Rangers v. St. Louis World Series? Would be quite the competition.

  44. ZOU July 14, 2011 at 3:38 am #

    I have always wanted to see a Yankees vs. Cards World Series. It has happened 5 times in history, and the Cards lead 3 series to 2. The Yanks have, by far, the most appearances and wins, but head to head, WE OWN THEM. I love it.

  45. ZOU July 14, 2011 at 3:40 am #

    Hey Matt,

    You need to go on a float trip down on the Current, Jack’s Fork, or Eleven Point Rivers sometime if you have not been. Huzzah Creek is pretty good too.

  46. Christos July 14, 2011 at 5:13 am #

    I hope the forums will be peaceful and nice again….. (thank god dieselman was banned, he had a lot of knowledge, but he was too insulting to anyone and everyone, also he thought he knew everything….. )

  47. D Bone July 14, 2011 at 6:01 am #

    Do you remember a PM on your YouTube account from a ThunderStruckCoach about 2 months ago regarding bullies? If you do, that was from me, if you don’t no worries! If you do remember, then you did what needed to be done……………….Post more videos on YouTube!! (no porn though lol)


  48. endejan July 14, 2011 at 6:39 am #

    Finally, he’s banned and hopefully for good. Nice video and thanks for getting rid of him, rM can be rebuilt.

  49. ZOU July 14, 2011 at 2:02 pm #

    There is a lot of potential. Matt’s videos, and other projects, have attracted hordes of good people that seem to possess quality demeanor and a variety of skills and knowledge. I have no doubt that the rM forums will be better than ever. I look forward to the comradery.

  50. Manab Choudhury July 14, 2011 at 7:00 pm #

    Banning Dieselman should have happened a long time ago, but its never too late I guess, he was bullying and misbehaving with members like he owns the forums and also the internet, he was really disgusting.I once corrected him of something in the forums and he sent me a threatening PM and I got pissed off and left the Forums.Anyways, it would be very nice if you visit the forums a bit more often you do so you can look whats going on in there.

  51. TigerRaptorFX July 14, 2011 at 10:00 pm #

    I will give Dieselman the shadow of the doubt that he is very knowledgeable. But since the big dog got infected with rabies to the point he went mad. No choice but to see him go the way of Old Yeller.

  52. Roni July 15, 2011 at 4:42 am #

    Finally, thanks Matt. Also, do you think you will do a ESET Smart Security 5 release candidate review (the link to the beta site is in my name) in the near future? Its feels like a finished product and I’d love to know what you think about it.

  53. Johan July 16, 2011 at 7:03 pm #


    No not yet, ESET needs to tune the HIPS a little more before he tests it.
    IMO Matt should wait for the Final release.

    But except that it’s a very nice product indeed!

  54. Roni July 18, 2011 at 6:44 am #

    @Johan Yeah, when I saw the option “automatic mode with rules” I assumed, they had a white-list. Apparently they don’t. Its a shame, but yeah, as you said, it feels really solid. Hope they add white-lists by the final release. Kinda disappointed by that part.

Leave a Reply