Spammer.Tedroo
Posted: December 7, 2010
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 44 |
| First Seen: | December 7, 2010 |
| OS(es) Affected: | Windows |
Spammer.Tedroo is a family of backdoor Trojans that create security vulnerabilities in your PC and use your computer's resources to send spam email messages. Different types of Spammer.Tedroo threats can disable important security programs, negatively alter system settings or allow remote attackers to control your PC. There may be no signs of Spammer.Tedroo's spamming activities or other attacks, but any Spammer.Tedroo infection is a high-level security threat. You can remove Spammer.Tedroo by disabling it and then using anti-virus software to remove both the Trojan and any threats that it might have downloaded onto your computer.
Spammer.Tedroo – The Invisible Email Sender
There are many different variants of the basic Spammer.Tedroo infection, including Spammer:BAT/Tedroo, Spammer:Win32/Tedroo, Spammer:HTML/Tedroo, Spammer:WinNT/Tedroo, Spammer:Win32/Tedroo.AB, Spammer:Win32/Tedroo.AA, Spammer:Win32/Tedroo.I, Spammer:Win32/Tedroo.A and Spammer:Win32/Tedroo.gen!B. However, all of these types of Spammer.Tedroo perform the same basic function: using your computer to send spam email to other people's mailboxes.
Spammer.Tedroo uses an internal SMTP email client to send out its spam, which prevents the spam messages from showing up in your mailbox or in any other visible part of your PC. Despite being invisible, Spammer.Tedroo's activities may use up noticeably large amounts of memory and other system resources, which can slow down your computer and cause general instability.
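Because the spam bypasses the user's mail client, the traffic is only visible on the network side. The following added example (not from the original page) flags processes that open direct port-25 connections to several distinct hosts; the log format, the allow-list and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample: timestamp, process image, PID, remote IP, remote port.
SAMPLE_LOG = """\
2010-12-07T10:00:01 outlook.exe 2104 192.0.2.10 587
2010-12-07T10:00:02 userini.exe 3312 198.51.100.21 25
2010-12-07T10:00:02 userini.exe 3312 198.51.100.22 25
2010-12-07T10:00:03 iexplore.exe 1500 203.0.113.5 80
2010-12-07T10:00:03 userini.exe 3312 203.0.113.77 25
2010-12-07T10:00:04 userini.exe 3312 198.51.100.21 25
2010-12-07T10:00:05 backup.exe 880 192.0.2.10 25
malformed entry
"""

# Assumption: clients here submit mail on 587 through a relay, so a
# workstation process talking to port 25 directly is unusual.
SMTP_PORT = 25
ALLOWED_MAILERS = {"outlook.exe"}   # assumption: approved mail client
MIN_DISTINCT_HOSTS = 3              # assumption: tune to the environment


def parse_line(line):
    """Return (image, pid, remote_ip, remote_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or not (parts[2].isdigit() and parts[4].isdigit()):
        return None
    return parts[1].lower(), int(parts[2]), parts[3], int(parts[4])


def find_smtp_senders(log_text, min_hosts=MIN_DISTINCT_HOSTS):
    """List (image, pid, distinct_hosts) for non-mail processes fanning out on port 25."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or corrupt log lines
        image, pid, remote_ip, remote_port = rec
        if remote_port == SMTP_PORT and image not in ALLOWED_MAILERS:
            hosts[(image, pid)].add(remote_ip)
    hits = [(image, pid, len(ips)) for (image, pid), ips in hosts.items()
            if len(ips) >= min_hosts]
    return sorted(hits, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for image, pid, count in find_smtp_senders(SAMPLE_LOG):
        print(f"{image} (pid {pid}) contacted {count} distinct hosts on port 25")
```

Counting distinct destinations rather than connections keeps a single legitimate relay connection (the `backup.exe` line) below the threshold.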
The Non-Spam Tidbits in Spammer.Tedroo's Arsenal
As a full-blown Trojan threat, Spammer.Tedroo isn't limited to sending spam and may perform a number of other functions, some of which are extremely harmful to your computer:
- Some versions of Spammer.Tedroo have been seen using the Registry to alter your default browser settings. This lets Spammer.Tedroo hijack Internet Explorer and other popular web browsers and control which websites you're able to visit.
- Spammer.Tedroo may perform the functions of an advertisement-clicker; advertisement-clickers will click on advertisements repeatedly to drive click-based revenue to criminals. Like Spammer.Tedroo's spamming, this attack may use up a high amount of system resources.
- Most versions of Spammer.Tedroo are also able to update themselves to add other harmful capabilities or alter their settings to adapt to the infected computer.
- Spammer.Tedroo has also been seen forcing computers to participate in DDoS (Distributed Denial-of-Service) attacks. These attacks crash websites by flooding them with traffic and are highly illegal, although not directly dangerous to your PC.
- Most Spammer.Tedroo infections can also download and install other files, including potentially malicious ones.
- Lastly, Spammer.Tedroo can disable different security-related programs and services. This includes Shared Access and the Windows Firewall. A disabled firewall leaves your computer highly vulnerable to attacks by remote criminals.
Even though Spammer.Tedroo's attacks may be all but invisible, Spammer.Tedroo infections are still extremely dangerous for your PC security and should be dealt with harshly and without hesitation. Anti-malware programs can delete Spammer.Tedroo regardless of which type of Spammer.Tedroo you have on your PC, although you may need to download threat definition updates before trying to delete it.
File System Modifications
The following files were created in the system:
| # | File Name |
|---|---|
| 1 | 009547.exe |
| 2 | 09939939.exe |
| 3 | 14.exe |
| 4 | 34611015.exe |
| 5 | 68.tmp |
| 6 | cacheautoobj.exe |
| 7 | csrss.exe |
| 8 | explorer.exe:userini.exe |
| 9 | fb hack.exe |
| 10 | mfpmsc.dll |
| 11 | mstatea.dll |
| 12 | msvmcls64.exe |
| 13 | msvmiode.exe |
| 14 | nbcqz.exe |
| 15 | odcsskt.dat |
| 16 | rarydse.dll |
| 17 | rav.exe |
| 18 | services.exe |
| 19 | servises.exe |
| 20 | setup.exe |
| 21 | svchost.exe |
| 22 | taskmgr.exe |
| 23 | userini.exe |
| 24 | userinit.exe |
| 25 | winlagon.exe |
| 26 | winlogon.exe |
| 27 | winwrrh.exe |
| 28 | wuauclt.exe |
Technical Details
File System Modifications
The following files were created in the system:
%ALLUSERSPROFILE%\Anwendungsdaten\79641027\79641027.exe
File name: 79641027.exe
Size: 870.92 KB (870928 bytes)
MD5: 63ca8d0f8efa5c22dd5eb09a4a527b5f
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\79641027
Group: Malware file
Last Updated: December 8, 2010
%TEMP%\fltMasks.dll
File name: fltMasks.dll
Size: 40.96 KB (40960 bytes)
MD5: f2d4dbb3d77aebe00c2969ff05ad2297
Detection count: 34
File type: Dynamic link library
Mime Type: unknown/dll
Path: %TEMP%
Group: Malware file
Last Updated: December 8, 2010
%ALLUSERSPROFILE%\Application Data\49363934\49363934.exe
File name: 49363934.exe
Size: 888.84 KB (888848 bytes)
MD5: 62bf2d052387c55d3009f4c87d773427
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\49363934
Group: Malware file
Last Updated: December 8, 2010
%WINDIR%\explorer.exe:userini.exe
File name: explorer.exe:userini.exe
Size: 55.8 KB (55808 bytes)
MD5: 44b8c7bbe586bb7a54d136124d9b5028
Detection count: 24
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: December 7, 2010
%ALLUSERSPROFILE%\Anwendungsdaten\38144121\38144121.exe
File name: 38144121.exe
Size: 886.28 KB (886288 bytes)
MD5: d96b11a3b27b234227ab4ebb8a641aee
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\38144121
Group: Malware file
Last Updated: December 8, 2010
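The file records above share a few recognizable path shapes: an eight-digit folder holding an identically named executable, a `file:stream` name (the notation for an NTFS alternate data stream, which a normal directory listing does not show), and names one character away from real Windows binaries. The following added example (not from the original page) triages a path and optional MD5 against those shapes; the MD5 values are copied from the records above, and the short list of legitimate binary names is an assumption.

```python
import ntpath
import re

# MD5 values copied from the file records on this page.
PAGE_MD5 = {
    "63ca8d0f8efa5c22dd5eb09a4a527b5f", "f2d4dbb3d77aebe00c2969ff05ad2297",
    "62bf2d052387c55d3009f4c87d773427", "44b8c7bbe586bb7a54d136124d9b5028",
    "d96b11a3b27b234227ab4ebb8a641aee",
}
# Assumption: a short list of genuine Windows binaries that the file list imitates.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "userinit.exe", "csrss.exe", "svchost.exe"}
# Eight-digit folder containing an executable with the same eight digits.
NUMERIC_PAIR = re.compile(r"[\\/](\d{8})[\\/]\1\.exe$", re.IGNORECASE)


def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing char in both; otherwise skip one in the longer.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def triage(path, md5=None):
    """Return the list of reasons a Windows path (and optional MD5) looks suspicious."""
    reasons = []
    name = ntpath.basename(path).lower()   # drive letters are stripped here
    leaf = name.rsplit(":", 1)[-1]         # stream name if present, else file name
    if md5 and md5.lower() in PAGE_MD5:
        reasons.append("md5-match")
    if ":" in name:
        reasons.append("alternate-data-stream")
    if NUMERIC_PAIR.search(path):
        reasons.append("numeric-dir-exe-pair")
    if any(one_edit_apart(leaf, s) for s in SYSTEM_NAMES):
        reasons.append("system-name-lookalike")
    return reasons


if __name__ == "__main__":
    print(triage(r"%WINDIR%\explorer.exe:userini.exe", "44b8c7bbe586bb7a54d136124d9b5028"))
```

Exact system names such as `svchost.exe` are not flagged by name alone; for those, the location and hash of the file have to be checked instead.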