TDSS Rootkit
TDSS Rootkit is a rootkit that makes use of multiple Trojans that generate revenue for criminals in a variety of ways. These cash-generating methods invariably cause harm to your computer by hijacking your browser, altering online content, changing your system settings, installing hostile programs, creating advertisements and infecting crucial Windows files. Although different types of TDSS Rootkit infections may exhibit slightly different behavior, all types of TDSS Rootkit attackers are extremely dangerous, and most will consist of multiple subtypes of Trojans and other threatening programs. As is the case with all rootkits, removing TDSS Rootkit or even detecting TDSS Rootkit is extremely difficult and may require help from high-quality threat-removal software.
Meeting the Whole TDSS Rootkit Family
As a multi-component infection, TDSS Rootkit attacks will use many different types of Trojans to create many attacks on your PC, although almost all of these attacks have the motive of generating money. For example:
- Google Redirect Virus is a TDSS Rootkit component that hijacks your browser and redirects you to risky websites, after you've click on a Google search result.
- Virus:Win32/Alureon.H is a driver that's been infected by TDSS Rootkit. Virus:Win32/Alureon.H is responsible for loading the primary TDSS Rootkit code, which is scattered randomly around your hard drive. TDSS Rootkit, once loaded, will conceal both itself and the Virus:Win32/Alureon.H driver infection.
- Trojan:Win32/Alureon.DN is a .dll file that TDSS Rootkit uses to alter online content. TDSS Rootkit does this by injecting malicious code into innocent HTML.
What You Can Do to Kick Out the TDSS Rootkit Gang
Although the full list of TDSS Rootkit components is far too long to enumerate fully, you can assume that any TDSS Rootkit infection is engaged in multiple attacks on your computer with multiple types of Trojans at any given time. Other problems that are associated with TDSS Rootkit include browser hijacks that redirect you to hostile websites, advertisement pop-ups, the appearance of a security backdoor (by way of opened network ports and altered firewall settings), altered Domain Name System (DNS) settings and the appearance of unfamiliar programs on your computer.
All types of TDSS Rootkit infections are extremely difficult to remove. Even if you think you've deleted TDSS Rootkit during a system scan, a reboot may reveal that TDSS Rootkit was never really deleted at all. Temporarily disabling System Restore may be necessary as part of the TDSS Rootkit removal process, and rootkits like TDSS Rootkit have been known to persist even in Safe Mode.
Despite the difficulty of deleting TDSS Rootkit, allowing TDSS Rootkit or any of its individual components to remain on your PC is extremely dangerous. Ignoring the threat that TDSS Rootkit presents can not only be a source of other infections but may also allow remote criminals to exert direct control over your PC.
File System Modifications
- The following files were created in the system:
# File Name 1 %Temp%\_VOID[RANDOM CHARACTERS].tmp 2 %Temp%\UAC[RANDOM CHARACTERS].tmp 3 C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll 4 C:\WINDOWS\_VOID[RANDOM CHARACTERS]\ 5 C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys 6 C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll 7 C:\WINDOWS\SYSTEM32\4DW4R3c.dll 8 C:\WINDOWS\SYSTEM32\4DW4R3sv.dat 9 C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat 10 C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll 11 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys 12 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys 13 C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys 14 C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys 15 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat 16 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db 17 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll 18 C:\WINDOWS\system32\uacinit.dll 19 C:\WINDOWS\system32\uactmp.db 20 C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp 21 C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sysHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.