BOO/Tdss.M is a component of the Alureon Trojan infection. Although BOO/Tdss.M has limited distribution and minimal damage potential by itself, as part of a larger infection, BOO/Tdss.M can be used to alter your system settings, hijack your browser and gather sensitive information such as online banking passwords. As a rootkit, BOO/Tdss.M may show no signs of being on your PC other than the alerts that various security programs may use when they detect BOO/Tdss.M. You should delete BOO/Tdss.M with an advanced security program that’s capable of handling rootkit-level threats and all related Alureon components.
BOO/Tdss.M – Another TDSS Rootkit to Ruin Your Master Boot Record
BOO/Tdss.M is a variant of the TDSS Rootkit, but is also only a small portion of a larger infection instead of being an independent attacker. You can also identify BOO/Tdss.M by some of its many aliases, such as Trojan:DOS/Alureon.A, TDSSmbr.A, Rootkit.Win32.TDSS.mbr, Rootkit.MBR.TDSS.B, BackDoor.Tdss.4005, Alureon-G@mbr and Win32/Alureon.MBR.
Because BOO/Tdss.M infects the Master Boot Record or MBR, casual scans will not find BOO/Tdss.M; you need to scan your entire PC or, specifically, the MBR to detect BOO/Tdss.M and then remove BOO/Tdss.M from your PC. BOO/Tdss.M’s functions are likewise nearly transparent, since its only purpose is to execute a malicious file that’s part of the Alureon infection.
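An added example (not from the original article or from any vendor's tool) of what checking the MBR specifically can look like: it parses a raw 512-byte sector dump, hashes the 446-byte boot code area and compares the result with a baseline recorded while the machine was known to be clean. The function names, sample sectors and baseline are constructed for illustration, and the dump is assumed to have been taken from trusted boot media, because a rootkit on the running system can falsify disk reads.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the bootstrap code
BOOT_SIG = b"\x55\xaa"     # bytes 510..511 mark a valid boot sector


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into a boot-code hash and its used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte entries follow the boot code
        off = BOOT_CODE_LEN + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the MBR matches."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one active type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + BOOT_SIG


CLEAN = make_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 32)     # constructed "known-good" bytes
MODIFIED = make_sample_mbr(b"\xfa\x33\xc0" + b"\xcc" * 32)  # constructed altered boot code

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN)
    print(compare_to_baseline(CLEAN, baseline))
    print(compare_to_baseline(MODIFIED, baseline))
```

A changed boot code hash is a reason to investigate, not proof of infection: boot managers and disk encryption products also rewrite this area.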
Tracing BOO/Tdss.M’s Trail Back to the Attacks
The ‘ldr16’ file that BOO/Tdss.M loads will hook into the computer’s BIOS and ensure that even more Trojan components are loaded before Windows so much as starts to load. The complexity and quantity of related infection components make a full list of what happens afterward excessively long to recite. However, what should concern you is the primary payload that BOO/Tdss.M and its related Trojans and rootkits are going to all this trouble for.
Infections linked to BOO/Tdss.M, such as Trojan:Win32/Alureon.DX, may alter your Domain Name System (DNS) settings as part of a scheme to steal your private information. Stolen info can include passwords, account names and Social Security numbers. Trojan:Win32/Alureon.DX may try to route you to a website that mimics the real one, but is fake and has a fraudulent login process that steals your info.
Other types of browser hijacks and spyware-based functions are also possible, such as having your homepage settings changed or being subjected to screenshots or keylogging. Since Trojans that are affiliated with BOO/Tdss.M have multiple variants and can be configured to change their behavior to some extent, detecting BOO/Tdss.M and related infections without anti-virus software can be difficult.
The near-certainty of other Trojans, rootkits and other high-priority infections working in conjunction with BOO/Tdss.M makes it highly unlikely that manual removal would succeed. Try to use an advanced security program to detect and delete BOO/Tdss.M and all its accompanying infections.
File System Modifications
- The following files were created in the system:
#   File Name
1   %PROGRAM_FILES%\ BOO/Tdss.M \ BOO/Tdss.M
- The following newly produced Registry Values are:
Posted: July 18, 2011 | By SpywareRemove
Threat Level: 8/10