
BOO/Tdss.M

Posted: July 18, 2011

BOO/Tdss.M is a component of the Alureon Trojan infection. Although BOO/Tdss.M has limited distribution and minimal damage potential by itself, as part of a larger infection it can be used to alter your system settings, hijack your browser and gather sensitive information such as online banking passwords. As a rootkit, BOO/Tdss.M may show no signs of being on your PC other than the alerts that security programs raise when they detect it. You should delete BOO/Tdss.M with an advanced security program that's capable of handling rootkit-level threats and all related Alureon components.

BOO/Tdss.M – Another TDSS Rootkit to Ruin Your Master Boot Record

BOO/Tdss.M is a variant of the TDSS Rootkit, but is also only a small portion of a larger infection instead of being an independent attacker. You can also identify BOO/Tdss.M by some of its many aliases, such as Trojan:DOS/Alureon.A, TDSSmbr.A, Rootkit.Win32.TDSS.mbr, Rootkit.MBR.TDSS.B, BackDoor.Tdss.4005, Alureon-G@mbr and Win32/Alureon.MBR.

Because BOO/Tdss.M infects the Master Boot Record (MBR), casual scans will not find it; you need to scan your entire PC or, specifically, the MBR to detect BOO/Tdss.M and then remove it from your PC. BOO/Tdss.M's functions are likewise nearly invisible, since its only purpose is to execute a malicious file that's part of the Alureon infection. Even its footprint is an easily overlooked 512 bytes, the size of a single boot sector.
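Since the MBR is a fixed 512-byte sector, the defensive check the paragraph describes can be done by hashing the boot-code portion and comparing it with a known-good baseline. The following is an added example written for this page (not code from the original article or from any vendor): it parses a sector into boot code, partition table and signature, and reports deviations; the sample sectors are constructed inline, and the baseline hash is an assumed value taken from the clean sample.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold executable boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code hash, partition entries and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]          # status byte, partition type
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the boot code matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code hash differs from baseline")
    return findings


# Constructed samples (not real disk captures): a clean sector with one bootable
# NTFS-type partition, and a copy whose boot code was replaced.
def _build_sector(boot_code: bytes) -> bytes:
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + entry + b"\x00" * 48 + BOOT_SIGNATURE

CLEAN_MBR = _build_sector(b"\x33\xC0\x8E\xD0")        # stand-in boot code
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]    # assumed known-good hash
TAMPERED_MBR = _build_sector(b"\xEB\x20" + b"\x90" * 30)

if __name__ == "__main__":
    print(check_mbr(CLEAN_MBR, BASELINE))     # []
    print(check_mbr(TAMPERED_MBR, BASELINE))  # ['boot code hash differs from baseline']
```

On a real system the 512 bytes would be read from the physical disk with administrative rights, and the baseline should come from a trusted earlier capture, not from the currently running machine.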

Tracing BOO/Tdss.M's Trail Back to the Attacks

The 'ldr16' file that BOO/Tdss.M loads hooks into the computer's BIOS and ensures that still more Trojan components are loaded before Windows even begins to start. The complexity and quantity of the related infection components make a full list of what happens afterwards too long to recite here. What should concern you, however, is the primary payload for which BOO/Tdss.M and the related Trojans and rootkits go to all this trouble.

Infections linked to BOO/Tdss.M, such as Trojan:Win32/Alureon.DX, may alter your Domain Name System (DNS) settings as part of a scheme to steal your private information. Stolen information can include passwords, account names and Social Security numbers. Trojan:Win32/Alureon.DX may try to route you to a website that mimics the real one but is fake and has a fraudulent login process that steals your credentials.

Other types of browser hijacks and spyware-based functions are also possible, such as having your homepage settings changed or being subjected to screenshots or keylogging. Since Trojans that are affiliated with BOO/Tdss.M have multiple variants and can be configured to change their behavior to some extent, detecting BOO/Tdss.M and related infections without anti-virus software can be difficult.

The near-certainty of other Trojans, rootkits and other high-priority infections working in conjunction with BOO/Tdss.M makes it highly unlikely that manual removal would succeed. Use an advanced security program to detect and delete BOO/Tdss.M and all its accompanying infections.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %PROGRAM_FILES%\ BOO/Tdss.M \ BOO/Tdss.M

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_LOCAL_MACHINE\Software\ BOO/Tdss.M