BOO/TDss.O is a dangerous malware infection that is closely associated with the Alureon rootkit. BOO/TDss.O in particular has been used to infect computers with variants of the infamous Ukash Winlocker which usually manifest themselves as fake messages from police force for various countries around the world. While these ransomware infections are not particularly difficult to remove, BOO/TDss.O is quite difficult to remove and can result in long term damage to the infected operating system. This is because BOO/TDss.O is a boot sector rootkit which, by acting on essential Windows files, can make removal quite difficult without a specialized anti-rootkit tool.
BOO/TDss.O and the Alureon Family of Rootkits
Although BOO/TDss.O itself has nearly no adverse effects on the infected computer, BOO/TDss.O will usually be a single component in a large-scale malware attack. As mentioned above, BOO/TDss.O has been associated with ransomware scams involving fake messages from the police. However, this does not mean that BOO/TDss.O cannot be used in a variety of malware attacks. BOO/TDss.O will usually display no overt symptoms and detecting this infection may be difficult without an advanced anti-malware program with anti-rootkit capabilities. The Alueron family of rootkits, one of the many variants of the infamous TDSS rootkit, infects the victim’s computer’s Master Boot Record. Because of this, many security programs are not able to detect BOO/TDss.O, especially since this malware threat is contained in an exceptionally small file.
How BOO/TDss.O Attacks Your Computer
BOO/TDss.O will load a small file that hooks into the infected computer’s BIOS. This means that BOO/TDss.O’s associated malware will load even before Windows starts to load, which results in an infection that is entrenched quite deeply in the affected computer. Although the actual infection process used by BOO/TDss.O and other TDSS variants is extremely complicated and requires advanced computer knowledge, it is enough to say that BOO/TDss.O is designed to install and protect other malware on the infected computer. Just as BOO/TDss.O can hide effectively from many anti-malware programs, BOO/TDss.O can hide other malware from detection.
Manual removal of a BOO/TDss.O infection is impractical, and nearly impossible without advanced computer knowledge. As is the case with many boot sector rootkits, it is also difficult to ascertain whether BOO/TDss.O has been removed entirely without wiping the infected computer’s hard drive and reinstalling Windows. ESG security researchers recommend using a specialized tool for removing TDSS variants and then using an advanced anti-malware application to perform a complete scan of the infected computer.
How Can You Detect BOO/TDss.O?