Trojan.Alureon.D
Posted: January 6, 2012
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 934 |
| First Seen: | November 30, 2010 |
| OS(es) Affected: | Windows |
Trojan.Alureon.D is a rootkit from the Win32/Alureon family. Although, as its name implies, Trojan.Alureon.D preferentially attacks 32-bit versions of Windows operating systems, it is able to infect and operate in most Windows variants. SpywareRemove.com malware experts warn that although Trojan.Alureon.D, as a rootkit, shows almost no symptoms of being present, its effectively transparent attacks allow it to steal confidential information, such as account names, passwords or credit card numbers, for the use of remote criminals. Anti-malware programs of good repute should be used to detect and remove Trojan.Alureon.D, since Trojan.Alureon.D and other Alureon rootkits are notoriously difficult to even find, let alone delete, by manual methods.
Catching Trojan.Alureon.D Before It Catches Up to Your Private Info
Trojan.Alureon.D can be installed by itself but is more likely to be present alongside other types of PC threats that have exploited the same vulnerabilities to profit from your computer. Other rootkits, trojan droppers, backdoors and browser hijackers are all probable partners in a Trojan.Alureon.D infection. Other members of Trojan.Alureon.D's native Alureon family, such as Alureon!inf, may also be present. SpywareRemove.com malware researchers have observed the following conditions to be typical during attacks by Trojan.Alureon.D and related PC threats:
- Search engine redirects to unusual sites – such as sites that sell fake software or display advertisements without real content.
- Unusual security settings, including opened network ports and unusual program exceptions in your firewall.
- Disabled security applications such as anti-malware products, Windows Update and, upon occasion, even very basic utilities like Task Manager.
- A general degradation of system performance; you may experience random crashes, poor responsiveness to input and other stability-related issues.
These symptoms are only side effects, however. Trojan.Alureon.D's main function is to quietly steal passwords, financial data and other forms of personal information, especially information that's entered through your web browser or saved in cached files. If you've recently removed Trojan.Alureon.D from your PC, you should be sure to change all passwords and equivalent types of security information to prevent criminals from breaking into your accounts, making fraudulent charges or stealing your identity.
Sure Signs of Trojan.Alureon.D's Thievery
Along with its symptoms, Trojan.Alureon.D can be noticed due to the presence of UACD.sys and TDSS.sys files in your System32/drivers folder. These files and other components of Trojan.Alureon.D should be deleted by a suitable anti-malware program to be certain of Trojan.Alureon.D's total removal. Trojan.Alureon.D, like most types of malicious software, also makes changes to your Windows Registry that allow it to launch itself by default. As such, SpywareRemove.com malware experts warn you to assume that Trojan.Alureon.D is making its attacks until you've confirmed that you've managed to disable and remove it.
Since rootkits like Trojan.Alureon.D may also infect normal system components, you should always remove Trojan.Alureon.D with a full system scan instead of scanning specific locations. Extra measures to ensure Trojan.Alureon.D's total removal, such as using Safe Mode or disabling System Restore on a temporary basis, may also be mandatory. However, as long as you catch and remove Trojan.Alureon.D quickly and by appropriate methods, your PC shouldn't suffer long-term damage from its attacks.
Technical Details
File System Modifications
The following files were created in the system:
%WINDIR%\System32\drivers\_VOIDhrotxiltat.sys
File name: _VOIDhrotxiltat.sys
Size: 42.49 KB (42496 bytes)
MD5: 89b56f6143f7c1ad44cd10f46700b9da
Detection count: 31
File type: System file
Mime Type: unknown/sys
Path: %WINDIR%\System32\drivers
Group: Malware file
Last Updated: October 14, 2011
%WINDIR%\system32\tcppid.sys
File name: tcppid.sys
Size: 2.3 KB (2304 bytes)
MD5: c72311b8d604a3e3e9b36df733f30843
Detection count: 16
File type: System file
Mime Type: unknown/sys
Path: %WINDIR%\system32
Group: Malware file
Last Updated: December 8, 2010
%WINDIR%\system32\isaxbox.sys
File name: isaxbox.sys
Size: 2.3 KB (2304 bytes)
MD5: 5a7eef7dcdae6912afe7f50983d5520f
Detection count: 12
File type: System file
Mime Type: unknown/sys
Path: %WINDIR%\system32
Group: Malware file
Last Updated: December 8, 2010
UACD.sys
File name: UACD.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file
TDDS.sys
File name: TDDS.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file
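The file names and MD5 values listed above can be checked against a Windows directory from a mounted disk image or offline volume, since a rootkit can hide its files from the running system. The following is an added example, not code from SpywareRemove.com or SpyHunter; the function names and the mount point in the usage comment are assumptions.

```python
import hashlib
import os
import sys

# Indicators from this page: lowercase file name -> MD5 (None where the page gives no hash).
PAGE_INDICATORS = {
    "_voidhrotxiltat.sys": "89b56f6143f7c1ad44cd10f46700b9da",
    "tcppid.sys": "c72311b8d604a3e3e9b36df733f30843",
    "isaxbox.sys": "5a7eef7dcdae6912afe7f50983d5520f",
    "uacd.sys": None,
    "tdds.sys": None,  # spelling in the file listing
    "tdss.sys": None,  # spelling in the prose
}

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 only because that is what the page publishes)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_windows_dir(windir, indicators=PAGE_INDICATORS):
    """Return sorted (kind, path, md5) tuples for .sys files under <windir>/System32.

    kind is "name+hash", "hash" (known hash under another name) or "name"
    (listed name whose hash differs, is unpublished, or could not be read).
    """
    by_hash = {h for h in indicators.values() if h}
    findings = []
    for top in (e for e in os.listdir(windir) if e.lower() == "system32"):
        for root, _dirs, files in os.walk(os.path.join(windir, top)):
            for name in files:
                if not name.lower().endswith(".sys"):
                    continue
                path = os.path.join(root, name)
                try:
                    digest = md5_of(path)
                except OSError:
                    digest = None  # unreadable file: fall back to the name check
                name_hit = name.lower() in indicators
                hash_hit = digest in by_hash
                if name_hit or hash_hit:
                    kind = "name+hash" if name_hit and hash_hit else "hash" if hash_hit else "name"
                    findings.append((kind, path, digest))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python scan.py /mnt/evidence/Windows  (mount point is an assumption)
    for kind, path, digest in scan_windows_dir(sys.argv[1]):
        print(f"{kind:10} {digest or '-':32} {path}")
```

A "name" result without a hash match is only a lead, and a clean result does not rule out infection, because the page lists only some of the files.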