TDSS.d!men

Posted: August 12, 2011

TDSS.d!men Description

TDSS.d!men is an advanced variation on previous rootkits that can be configured to perform a broad range of attacks on your PC. Because TDSS.d!men and similar rootkits use sophisticated tactics to avoid being detected, only an extremely powerful and well-updated anti-malware program is capable of finding or removing TDSS.d!men. TDSS.d!men may be used to install other harmful programs onto your computer, including Trojans, spyware, browser hijackers, viruses and worms, to name a few possibilities. Be particularly careful about making sure TDSS.d!men is completely eradicated when you're trying to remove TDSS.d!men with appropriate software, since TDSS.d!men may have multiple components and will hide itself deeply in your system.

A Look Through TDSS.d!men's Sordid History

TDSS.d!men comes from a long line of particularly sophisticated rootkits that can be directed to carry out general-purpose attacks on your computer's security and privacy. The TDSS.d!men family started with the original TDSS Rootkit, which went through variations such as TDL2 Rootkit and TDL3 Rootkit before settling on its most recent upgrade, TDSS.d!men. Because these rootkits are built from multiple components, different parts of a TDSS.d!men or similar rootkit infection can be identified by slightly different labels. Some prominent TDSS.d!men components that SpywareRemove.com malware analysts have found include Virus:Win32/Alureon.H, Virus:Win32/Alureon.DN and the Google Redirect Virus.

TDSS.d!men is an opportunist that doesn't rely on a single, defined means of infecting your PC; instead, TDSS.d!men and related Trojans may attack by multiple methods. These methods include drive-by-download scripts, fake codecs and media updates, and bundling with programs that are distributed on P2P networks and criminal software websites.

The Corrupt System Boot That TDSS.d!men Wants You to Use

TDSS.d!men's most defining trait is its tendency to contaminate the Master Boot Record (MBR). This allows TDSS.d!men to avoid detection by less-advanced anti-malware programs, and lets TDSS.d!men launch itself and take action without requiring you to do anything to trigger TDSS.d!men's attacks. The following is a list of what the SpywareRemove.com malware research team has found to be some of the most well-used attacks for TDSS.d!men and other rootkits in its family:

  • Browser hijacks. Hijacker components of TDSS.d!men may change your homepage, redirect you to harmful websites or display fake errors that block benign websites.
  • Security attacks. You may discover that your network ports have been opened, that your firewall is making exceptions for unusual programs or that you're unable to run various types of security-related programs, including anti-virus scanners.
  • The installation of other malicious software, particularly rogue security programs like Kaspersky Internet Security 2011 Enhanced Protection Mode, WolfRam AntiVirus, Windows Salvage System, Best Antivirus and Antivirus Antimalware 2011.

In addition to having appropriate software for removing TDSS.d!men, it's also important to use the correct scanning procedures. SpywareRemove.com malware analysts take pains to stress that any system scan that bypasses or ignores the Master Boot Record (as is the case with most 'quick scan' options, for example) will not remove all of the TDSS.d!men rootkit. Because TDSS.d!men is also a very recently defined PC threat as of August 2011, having the latest updates for your anti-malware software is also a vital step to getting rid of TDSS.d!men infestations.
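One defensive check that follows from the two points above (a scan that skips the MBR misses an MBR-resident rootkit), added here as an example and not taken from the original page or from SpywareRemove.com: parse a raw 512-byte MBR, hash its bootstrap area and compare it against a baseline recorded from the same machine while it was known clean. The sample sector, the baseline bytes and the tampered variant are all constructed inline.

```python
import hashlib
import struct

def build_sample_mbr(bootcode: bytes) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code (constructed sample, not a real disk image)."""
    boot = bootcode.ljust(440, b"\x90")[:440]             # pad the bootstrap area
    disk_sig, reserved = b"\x12\x34\x56\x78", b"\x00\x00"
    # One active NTFS partition entry: status 0x80, type 0x07, LBA start 2048, 1,000,000 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    table = entry + b"\x00" * 48                           # three empty entries
    return boot + disk_sig + reserved + table + b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Return the bootstrap-code hash and partition entries; reject anything that is not a valid MBR."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype != 0:
            partitions.append({"active": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(), "partitions": partitions}

def check_mbr(sector: bytes, trusted_bootcode_sha256: str) -> list:
    """Compare a captured MBR with a trusted baseline; an empty list means nothing unexpected."""
    info = parse_mbr(sector)
    findings = []
    if info["bootcode_sha256"] != trusted_bootcode_sha256:
        findings.append("bootstrap code differs from trusted baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings

# Constructed "known-good" sector and the baseline that would be recorded from it.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = hashlib.sha256(CLEAN_MBR[:440]).hexdigest()
# Constructed tampered sector: same partition table, altered bootstrap bytes.
TAMPERED_MBR = build_sample_mbr(b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

On a live system the same function would be fed the first 512 bytes read from the physical disk device, and the baseline stored off-host.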

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to TDSS.d!men may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.



Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications

The following registry values are created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\PchSvc]
DataCollection =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
804127477 = "%UserProfile%\804127477.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
(Default) =
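As an added example (not code from the original page or from SpywareRemove.com), the listed values can be turned into a detection rule over a registry export: flag autostart entries whose data is a numerically named executable in %UserProfile%, and flag the PchSvc DataCollection value. The .reg text below is constructed to mirror the entries above plus one benign entry.

```python
import re

# Constructed .reg-style export (not a real capture) mirroring the keys listed above.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"804127477"="%UserProfile%\\804127477.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\PchSvc]
"DataCollection"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
@=dword:00000001
"""

AUTOSTART_KEYS = (r"\Microsoft\Windows\CurrentVersion\Run", r"\Microsoft\Windows\CurrentVersion\RunOnce")
NUMERIC_EXE = re.compile(r"^%UserProfile%\\(\d+)\.exe$", re.IGNORECASE)

def parse_reg(text):
    """Yield (key, name, data) triples from .reg export text; '@' is the key's default value."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")   # undo .reg backslash escaping
            yield key, name, data

def find_indicators(text):
    """Return (key, name, data) for every value matching the rules above."""
    findings = []
    for key, name, data in parse_reg(text):
        in_autostart = any(key.lower().endswith(k.lower()) for k in AUTOSTART_KEYS)
        if in_autostart and NUMERIC_EXE.match(data):
            findings.append((key, name, data))
        if key.lower().endswith(r"\pchealth\pchsvc") and name == "DataCollection":
            findings.append((key, name, data))
    return findings

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_REG):
        print("suspicious:", hit)
```

The export for a real host would come from `reg export` of the Run, RunOnce and PchSvc keys; the ServiceCurrent default value is parsed but not flagged, since an empty default there is not by itself distinctive.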
