Rootkit.TDSS is a generic label for any one of many types of TDSS rootkit (also known as Alureon Trojans or Tidserv Trojans and associated with DNS Changer) components to create serious security violations in an infected PC. As a rootkit, Rootkit.TDSS uses especially-advanced features to conceal itself and protect itself from deletion, and some variants of Rootkit.TDSS may even be able to run in Safe Mode. Regardless of which variants of Rootkit.TDSS are attacking your PC, SpywareRemove.com malware researchers have found that all types of Rootkit.TDSS infections are dangerous security attacks that can be involved in theft of private information, browser hijacks, the installation of additional types of PC threats, Distributed-Denial-of-Service attacks and other forms of criminal control over your computer. You should use powerful and up-to-date anti-malware programs to find and remove Rootkit.TDSS, since manual detection or deletion of Rootkit.TDSS is, at best, an unlikely and last resort.
Why You Will Not See Rootkit.TDSS… Unless You Have a Little Outside Help
Even though all rootkits are known for using stealth-related features, Rootkit.TDSS family rootkits are especially-infamous for their advanced structures that allow them to avoid being noticed unless caught by appropriate security software. Variants of Rootkit.TDSS infections have been known to use memory-injection techniques to hide their activities inside of normal system processes, hide themselves as malicious drivers, hide themselves as .dll files and even scatter their components in a semi-random fashion throughout a hard drive.
Because Rootkit.TDSS is a generic label that can apply to many types of TDSS files, you may also see Rootkit.TDSS identified by a huge range of aliases that are dependent on the type of anti-malware scanner that you use to detect Rootkit.TDSS. A few examples of some of the many TDSS components that SpywareRemove.com malware experts have seen include BackDoor.Tdss.5070, BOO/Tdss.M, TDSS.e!rootkit, Rootkit TDSS.d and TDSS.d!men. Unless you’ve taken extra steps to stop Rootkit.TDSS from being loaded, you should assume that Rootkit.TDSS is active on your PC, even if Rootkit.TDSS doesn’t show a distinct memory process or file.
Some of the Endless Heads of the Rootkit.TDSS Hydra
Attacks based on a Rootkit.TDSS infection can take a nearly infinite range of forms, given Rootkit.TDSS’s ability to update its behavior based on instructions from a command server. Nonetheless, SpywareRemove.com malware researchers have found that some of Rootkit.TDSS’s most common uses and behaviors include:
- Web browser redirects to malicious sites. These sites can include phishing sites that try to steal private information or sites that install harmful software via drive-by-download scripts.
- Software-blocking behavior that prevents you from using other programs. Programs that are most-likely to be targeted by these Rootkit.TDSS attacks are those that could help you remove Rootkit.TDSS (such as anti-malware applications). In such instances, you may need to rename the program file or disable Rootkit.TDSS before you can access software that will delete Rootkit.TDSS in a safe manner.
- The installation of other types of harmful software that may or may not be obviously-visible. This can extend to keyloggers, Trojan droppers, worms or rogue security programs.
Generic Trojan [Panda]Generic16.BRWH [AVG]Hacktool.Rootkit [Symantec]Mal/Generic-A [Sophos]BKDR_TIDIES.SMA [TrendMicro]TR/Agent.42496.27 [AntiVir]Trojan.Generic.3238155 [BitDefender]Win32:Jifas-DT [Avast]a variant of Win32/Olmarik.SR [NOD32]Trojan.Alureon.MIZ [VirusBuster]
More aliases (101)
Rootkit.TDSS Automatic Detection Tool (Recommended)
Is your PC infected with Rootkit.TDSS? To safely & quickly detect Rootkit.TDSS we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Rootkit.TDSS What happens if Rootkit.TDSS does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %WINDIR%\ PRAGMAixjipouowq\ PRAGMAd.sys 108 2 %WINDIR%\ system32\ tcppid.sys 16 3 %WINDIR%\ system32\ isaxbox.sys 12 4 %WINDIR%\ System32\ drivers\ _VOIDhrotxiltat.sys 97 5 %Temp%\UAC[RANDOM].tmp N/A 6 %Temp%\_VOID[RANDOM].tmp N/A 7 C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll N/A 8 C:\WINDOWS\SYSTEM32\4DW4R3c.dll N/A 9 C:\WINDOWS\SYSTEM32\4DW4R3sv.dat N/A 10 C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM].dll N/A 11 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys N/A 12 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM].sys N/A 13 C:\WINDOWS\system32\drivers\UAC[RANDOM].sys N/A 14 C:\WINDOWS\system32\drivers\_VOID[RANDOM].sys N/A 15 C:\WINDOWS\system32\uacinit.dll N/A 16 C:\WINDOWS\system32\uactmp.db N/A 17 C:\WINDOWS\system32\UAC[RANDOM].dat N/A 18 C:\WINDOWS\system32\UAC[RANDOM].db N/A 19 C:\WINDOWS\system32\UAC[RANDOM].dll N/A 20 C:\WINDOWS\system32\_VOID[RANDOM].dat N/A 21 C:\WINDOWS\system32\_VOID[RANDOM].dll N/A 22 C:\WINDOWS\Temp\UAC[RANDOM].tmp N/A 23 C:\WINDOWS\Temp\_VOID[RANDOM]tmp N/A 24 C:\WINDOWS\_VOID[RANDOM]\ N/A 25 C:\WINDOWS\_VOID[RANDOM]\_VOIDd.sys N/A
Posted: April 3, 2009 | By SpywareRemove
Rate this article: