TDSS.e!rootkit


Posted: July 11, 2011

TDSS.e!rootkit is a rootkit Trojan that can be used to install other harmful programs or to give remote criminals control of your PC. As with other rootkit infections, TDSS.e!rootkit can be extremely difficult to detect, and removal attempts with less advanced anti-virus software fail at a high rate in some cases. Since TDSS.e!rootkit was first noted in 2011, keeping your security software updated is crucial for defending your PC against a TDSS.e!rootkit attack. Symptoms of a TDSS.e!rootkit infection can include blocked security programs and recurring TDSS.e!rootkit detections from your anti-virus scanners. Only the best possible PC security software should be used to delete TDSS.e!rootkit, since lesser alternatives may easily fail even if they at first appear to have removed it.

TDSS.e!rootkit - The Newest Entry in the Rootkit Hall of Shame

Although TDSS rootkits in general have been around for some time, TDSS.e!rootkit is a very recent variation of the family that was first seen in 2011. If you use anti-virus software, web browsers or other applications that are significantly out of date, you may be more vulnerable to a TDSS.e!rootkit attack. In particular, keeping your anti-virus software's threat definitions updated can mean the difference between a successful and an unsuccessful removal of TDSS.e!rootkit.

Like all rootkits, TDSS.e!rootkit is built to avoid being seen, and you shouldn't expect to see obvious indications of a TDSS.e!rootkit attack. However, you may notice TDSS.e!rootkit's activities by noting opened network ports, unusual firewall behavior, the presence of strange files or altered system settings.

TDSS.e!rootkit's behavior is invariably malicious and may include any or all of the following:

  • TDSS.e!rootkit may create a backdoor in your network security. Backdoors can be used for a variety of remote attacks, including forcing your computer into DDoS botnet crimes or allowing criminals to control your PC. Backdoors can often be detected by changes in your port or firewall settings.
  • TDSS.e!rootkit can install other harmful programs without your consent. Common payloads installed by Trojan rootkits like TDSS.e!rootkit include rogue security software, ransomware that locks up your PC until a fee is paid, and keyloggers that record your keystrokes to steal private information.
  • Blocked security applications. TDSS.e!rootkit may disable various types of security-related programs, and is specifically known for blocking anti-rootkit applications that specialize in removing TDSS.e!rootkit and similar rootkits.

Why Lesser Anti-Virus Software May Be Outclassed by TDSS.e!rootkit

You should expect TDSS.e!rootkit to be active constantly, although you may not see TDSS.e!rootkit's files because of the stealth capabilities that even average rootkits possess. Even memory entries may not give TDSS.e!rootkit away, since it may inject its code into legitimate system processes such as explorer.exe and svchost.exe.

Disabling System Restore while trying to remove TDSS.e!rootkit is often recommended, but in some cases a TDSS.e!rootkit infection can persist even after doing this. Even if you have chosen anti-virus software that detects and deletes TDSS.e!rootkit, it is commonly reported that TDSS.e!rootkit regenerates after a reboot because the deletion was incomplete.

As a result of TDSS.e!rootkit's extremely hardy nature, you should use only the best and most updated anti-malware software to get rid of TDSS.e!rootkit, preferably with the assistance of a computer security expert.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\cmd.exe
    2 %System%\mmc.exe
    3 %System%\taskmgr.exe
    4 %Windir%\system.ini
    5 Jqyfub.exe
    6 userinit.exe

Registry Modifications

  • The following Registry keys and values are newly created:
    Subkeys:
      HKEY_CURRENT_USER\Software\Apcrmkeh
      HKEY_CURRENT_USER\Software\Apcrmkeh\-72398023
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Values:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify = 0x00000001
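The file and Registry indicators listed above can be checked on a host with the PowerShell script below. It is an added example, not code from the original page: the indicator names come from the page, the %System% and %Windir% locations are resolved from the environment, and because cmd.exe, mmc.exe, taskmgr.exe and userinit.exe are legitimate Windows binaries, the script checks their Authenticode signatures rather than their mere presence. The directory of Jqyfub.exe is not given on the page, so searching the system and Windows directories for it is an assumption.

```powershell
# Added example (not from the original page): check a Windows host for the
# TDSS.e!rootkit indicators listed above. Run from an elevated PowerShell.
$findings = @()

# Registry keys the page lists as created by the rootkit
$suspectKeys = @(
    'HKCU:\Software\Apcrmkeh',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}'
)
foreach ($key in $suspectKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}

# UacDisableNotify = 1 under Security Center suppresses UAC status warnings
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$uac = (Get-ItemProperty -Path $sc -Name UacDisableNotify -ErrorAction SilentlyContinue).UacDisableNotify
if ($uac -eq 1) { $findings += "UacDisableNotify = 1 under $sc" }

# The system binaries named on the page exist on every Windows install, so
# verify that each still carries a valid Microsoft signature instead.
# (PowerShell 5.1+ validates catalog-signed files; older versions may report
# NotSigned for them, which then needs a manual check with sigcheck or similar.)
$systemDir = [Environment]::GetFolderPath('System')
$systemBinaries = 'cmd.exe', 'mmc.exe', 'taskmgr.exe', 'userinit.exe' |
    ForEach-Object { Join-Path $systemDir $_ }
foreach ($bin in $systemBinaries) {
    if (-not (Test-Path -LiteralPath $bin)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $bin
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "Unexpected signature on $bin : $($sig.Status)"
    }
}

# Jqyfub.exe is not a Windows component. Assumption: it was dropped under the
# system or Windows directory, so search both.
foreach ($dir in @($systemDir, $env:windir)) {
    $hit = Get-ChildItem -LiteralPath $dir -Filter 'Jqyfub.exe' -Recurse -File `
        -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($hit) { $findings += "File present: $($hit.FullName)" }
}

if ($findings.Count -eq 0) { 'No listed TDSS.e!rootkit indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A clean result from this script is not proof of a clean machine: as the text above notes, an active rootkit can hide files and Registry keys from user-mode tools, so a negative result should be confirmed with an offline scan or a dedicated anti-rootkit tool.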

One Comment

  • Hanen says:

    I hate SecuROM; it is why I am not sure if I will buy Spore. I am betting I have the software already as I installed the Spore Creature Creator trial. I've been meaning to check out this tool myself; now I have a reason, yay. Bottom line: rootkits are evil and tools like this are wonderful.