Backdoor.Tidserv.J

Posted: January 12, 2010

Backdoor.Tidserv.J is a malicious Trojan that downloads files from a remote location and can modify system settings to drop malicious files on the infected system. Backdoor.Tidserv.J may also add unwanted plug-ins to Internet Explorer to secretly monitor web activity. Backdoor.Tidserv.J poses a severe threat to PC security and should be removed once detected.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\H8SRT[RANDOM HEXADECIMAL DIGITS FILE NAME ONE].tmp
    2 %Temp%\H8SRT[RANDOM HEXADECIMAL DIGITS FILE NAME THREE].tmp
    3 %Windir%\system32\drivers\H8SRT[TEN RANDOM CHARACTERS].sys
    4 %Windir%\system32\H8SRT[TEN RANDOM CHARACTERS].dat
    5 %Windir%\system32\H8SRT[TEN RANDOM CHARACTERS].dll

Registry Modifications

  • The following Registry entries were created:
    Subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
    Registry keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys