TDSS.e!rootkit

Posted: July 11, 2011

TDSS.e!rootkit Description

TDSS.e!rootkit is a rootkit Trojan that can be used to install other harmful programs or to allow remote criminals to control your PC. As with other rootkit infections, TDSS.e!rootkit can be extremely difficult to detect. Removing TDSS.e!rootkit with less advanced anti-virus software also fails at a high rate in some cases. Since TDSS.e!rootkit was noted in 2011, keeping your security software updated is crucial for defending your PC against a TDSS.e!rootkit attack. Symptoms of a TDSS.e!rootkit infection can include blocked security programs and recurring TDSS.e!rootkit detections from your anti-virus scanners. Only the best possible PC security software should be used to delete TDSS.e!rootkit, since lesser alternatives may fail even if they appear at first to have deleted it.

TDSS.e!rootkit - The Newest Entry in the Rootkit Hall of Shame

Although TDSS rootkits in general have been around for some time, TDSS.e!rootkit is a recent variant of that family, first seen in 2011. If you use anti-virus software, web browsers or other applications that are significantly out of date, you may be more vulnerable to being attacked by TDSS.e!rootkit. In particular, keeping your anti-virus software's threat definitions updated can mean the difference between a successful and an unsuccessful removal of TDSS.e!rootkit.

Like all rootkits, TDSS.e!rootkit is built to avoid being seen, and you shouldn't expect to see obvious indications of a TDSS.e!rootkit attack. However, you may notice TDSS.e!rootkit's activities by noting opened network ports, unusual firewall behavior, the presence of strange files or altered system settings.

TDSS.e!rootkit's inevitably malicious behavior may cause any or all of the following:

  • TDSS.e!rootkit may create a backdoor in your network security. Backdoors can be used for a variety of remote attacks, including forcing your computer into DDoS botnet crimes or allowing criminals to control your PC. Backdoors often are detectable by noticing changes in your port settings or firewall settings.
  • TDSS.e!rootkit can install other harmful programs without your consent. Common payloads installed by Trojan rootkits like TDSS.e!rootkit include rogue security software, ransomware that locks up your PC until a fee is paid, and keyloggers that record your keystrokes to steal private information.
  • Blocked security applications. TDSS.e!rootkit may disable various types of security-related programs, and is specifically known for blocking anti-rootkit applications that specialize in removing TDSS.e!rootkit and similar rootkits.

Why Lesser Anti-Virus Software May Be Outclassed by TDSS.e!rootkit

You should expect TDSS.e!rootkit to be active on a constant basis, although you may not see TDSS.e!rootkit files due to the sophisticated stealth capabilities of even average rootkits. Even memory entries may not give TDSS.e!rootkit away, since TDSS.e!rootkit may inject its code into legitimate system processes such as explorer.exe and svchost.exe.

Disabling System Restore while trying to remove TDSS.e!rootkit is often recommended, but in some cases a TDSS.e!rootkit infection can persist even after doing this. Even if you have chosen anti-virus software that detects and deletes TDSS.e!rootkit, it is commonly reported to regenerate after a reboot because the deletion was incomplete.

As a result of TDSS.e!rootkit's extremely hardy nature, you should use only the best and most updated anti-malware software to get rid of TDSS.e!rootkit, preferably with the assistance of a computer security expert.

File System Modifications

  • The following files were created in the system:
    %System%\cmd.exe
    %System%\mmc.exe
    %System%\taskmgr.exe
    %Windir%\system.ini
    Jqyfub.exe
    userinit.exe

Registry Modifications

  • The following newly produced Registry subkeys and values are:
    HKEY_CURRENT_USER\Software\Apcrmkeh
    HKEY_CURRENT_USER\Software\Apcrmkeh\-72398023
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] UacDisableNotify = 0x00000001
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
  • The following Registry keys were created:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
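The file and registry artifacts listed above can be checked on a host with a read-only PowerShell script; the one below is an added example written for this page, not code from the original article. It assumes the legitimate copies of the listed system binaries are Microsoft-signed, that the dropped files may sit in the usual user-writable locations, and that a BHO's module path is resolved through its CLSID under HKCR as Windows does for any Browser Helper Object.

```powershell
# Added example (not from the original page): read-only check of a Windows host for the
# TDSS.e!rootkit artifacts listed above. Run from an elevated PowerShell prompt.
$findings = @()
$bhoClsid = '{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}'

# 1. Registry keys named on the page. HKLM\...\Security Center\Svc is omitted because it is
#    present on ordinary Windows installs and is not an indicator by itself.
$suspectKeys = @(
    'HKCU:\Software\Apcrmkeh',
    'HKCU:\Software\Apcrmkeh\-72398023',
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
)
foreach ($k in $suspectKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}

# 2. A BHO entry only references a COM class; the module Explorer/IE actually loads is recorded
#    under HKCR\CLSID\<guid>\InprocServer32, so resolve it to learn which file is involved.
$inproc = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid\InprocServer32" -ErrorAction SilentlyContinue
if ($inproc) { $findings += "BHO $bhoClsid loads: $($inproc.'(default)')" }

# 3. UacDisableNotify = 1 suppresses the Security Center warning that UAC is turned off.
$sc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Security Center' -ErrorAction SilentlyContinue
if ($sc -and $sc.UacDisableNotify -eq 1) { $findings += 'Security Center: UacDisableNotify = 1' }

# 4. System binaries the page lists as created. Assumption: legitimate copies carry a valid
#    Microsoft signature. Catalog-signed files can report NotSigned on old PowerShell versions,
#    so treat a non-Valid status as a prompt to compare the hash with a known-good copy.
$sysDir = [Environment]::SystemDirectory
foreach ($name in 'cmd.exe', 'mmc.exe', 'taskmgr.exe', 'userinit.exe') {
    $p = Join-Path $sysDir $name
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $p
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "Signature $($sig.Status): $p (SHA256 $((Get-FileHash $p).Hash))"
    }
}

# 5. The page gives Jqyfub.exe and userinit.exe without a path: look for the dropped file, and for
#    copies of userinit.exe outside the system directories, in locations droppers commonly use.
$roots = @($env:WINDIR, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ -and (Test-Path $_) }
Get-ChildItem -Path $roots -Recurse -Force -Include 'Jqyfub.exe', 'userinit.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -notmatch '\\(System32|SysWOW64|WinSxS)\\' } |
    ForEach-Object { $findings += "Unexpected file: $($_.FullName)" }

if ($findings.Count -eq 0) { 'No TDSS.e!rootkit artifacts from this page were found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Because a live rootkit can hide files and registry keys from the running system, a clean result from this script is not proof of a clean machine; a scan from offline media or a known-clean boot is the stronger check.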
