TDSS Rootkit Description
TDSS Rootkit is a rootkit that makes use of multiple Trojans that generate revenue for criminals in a variety of ways. These cash-generating methods invariably cause harm to your computer by hijacking your browser, altering online content, changing your system settings, installing hostile programs, creating advertisements and infecting crucial Windows files. Although different types of TDSS Rootkit infections may exhibit slightly different behavior, all types of TDSS Rootkit attackers are extremely dangerous, and most will consist of multiple subtypes of Trojans and other threatening programs. As is the case with all rootkits, removing TDSS Rootkit or even detecting TDSS Rootkit is extremely difficult and may require help from high-quality threat-removal software.
Meeting the Whole TDSS Rootkit Family
As a multi-component infection, TDSS Rootkit attacks will use many different types of Trojans to create many attacks on your PC, although almost all of these attacks have the motive of generating money. For example:
- Google Redirect Virus is a TDSS Rootkit component that hijacks your browser and redirects you to risky websites, after you've click on a Google search result.
- Virus:Win32/Alureon.H is a driver that's been infected by TDSS Rootkit. Virus:Win32/Alureon.H is responsible for loading the primary TDSS Rootkit code, which is scattered randomly around your hard drive. TDSS Rootkit, once loaded, will conceal both itself and the Virus:Win32/Alureon.H driver infection.
- Trojan:Win32/Alureon.DN is a .dll file that TDSS Rootkit uses to alter online content. TDSS Rootkit does this by injecting malicious code into innocent HTML.
What You Can Do to Kick Out the TDSS Rootkit Gang
Although the full list of TDSS Rootkit components is far too long to enumerate fully, you can assume that any TDSS Rootkit infection is engaged in multiple attacks on your computer with multiple types of Trojans at any given time. Other problems that are associated with TDSS Rootkit include browser hijacks that redirect you to hostile websites, advertisement pop-ups, the appearance of a security backdoor (by way of opened network ports and altered firewall settings), altered Domain Name System (DNS) settings and the appearance of unfamiliar programs on your computer.
All types of TDSS Rootkit infections are extremely difficult to remove. Even if you think you've deleted TDSS Rootkit during a system scan, a reboot may reveal that TDSS Rootkit was never really deleted at all. Temporarily disabling System Restore may be necessary as part of the TDSS Rootkit removal process, and rootkits like TDSS Rootkit have been known to persist even in Safe Mode.
Despite the difficulty of deleting TDSS Rootkit, allowing TDSS Rootkit or any of its individual components to remain on your PC is extremely dangerous. Ignoring the threat that TDSS Rootkit presents can not only be a source of other infections but may also allow remote criminals to exert direct control over your PC.
File System Modifications
- The following files were created in the system:
# File Name 1 %Temp%\_VOID[RANDOM CHARACTERS].tmp 2 %Temp%\UAC[RANDOM CHARACTERS].tmp 3 C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll 4 C:\WINDOWS\_VOID[RANDOM CHARACTERS]\ 5 C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys 6 C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll 7 C:\WINDOWS\SYSTEM32\4DW4R3c.dll 8 C:\WINDOWS\SYSTEM32\4DW4R3sv.dat 9 C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat 10 C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll 11 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys 12 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys 13 C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys 14 C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys 15 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat 16 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db 17 C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll 18 C:\WINDOWS\system32\uacinit.dll 19 C:\WINDOWS\system32\uactmp.db 20 C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp 21 C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
- The following newly produced Registry Values are:
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to TDSS Rootkit may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.