BOO/TDss.O

By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 8
First Seen: December 21, 2011
Last Seen: June 27, 2022
OS(es) Affected: Windows

BOO/TDss.O is a dangerous malware infection that is closely associated with the Alureon rootkit. BOO/TDss.O in particular has been used to infect computers with variants of the infamous Ukash Winlocker, which usually manifest themselves as fake messages from the police forces of various countries around the world. While these ransomware infections are not particularly difficult to remove, BOO/TDss.O is quite difficult to remove and can result in long-term damage to the infected operating system. This is because BOO/TDss.O is a boot sector rootkit which, by acting on essential Windows files, can make removal quite difficult without a specialized anti-rootkit tool.

BOO/TDss.O and the Alureon Family of Rootkits

Although BOO/TDss.O itself has nearly no adverse effects on the infected computer, BOO/TDss.O will usually be a single component in a large-scale malware attack. As mentioned above, BOO/TDss.O has been associated with ransomware scams involving fake messages from the police. However, this does not mean that BOO/TDss.O cannot be used in a variety of other malware attacks. BOO/TDss.O will usually display no overt symptoms, and detecting this infection may be difficult without an advanced anti-malware program with anti-rootkit capabilities. The Alureon family of rootkits, one of the many variants of the infamous TDSS rootkit, infects the victim computer's Master Boot Record. Because of this, many security programs are not able to detect BOO/TDss.O, especially since this malware threat is contained in an exceptionally small file.

How BOO/TDss.O Attacks Your Computer

BOO/TDss.O will load a small file that hooks into the infected computer's BIOS. This means that BOO/TDss.O's associated malware will load even before Windows starts, which results in an infection that is entrenched quite deeply in the affected computer. Although the actual infection process used by BOO/TDss.O and other TDSS variants is extremely complicated and requires advanced computer knowledge, it is enough to say that BOO/TDss.O is designed to install and protect other malware on the infected computer. Just as BOO/TDss.O can hide effectively from many anti-malware programs, BOO/TDss.O can hide other malware from detection.
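Because a boot sector rootkit of this kind lives in the Master Boot Record, one defender-side check is to parse the first 512-byte sector of a disk and compare its bootstrap code against a known-good baseline. The following is an added example written for this article, not code from the original page or from any anti-rootkit tool: it parses an MBR image, validates the 0x55AA boot signature and the partition table, and reports whether the bootstrap code hash matches a baseline. The sample sectors, the baseline hash and the disk signature value are all constructed here for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"       # last two bytes of every valid MBR
BOOTSTRAP_LEN = 440                # bootstrap code precedes the disk signature


def parse_mbr(sector: bytes) -> dict:
    """Parse a classic (non-GPT) MBR into its bootstrap hash, disk signature,
    partition entries and boot-signature validity."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    bootstrap = sector[:BOOTSTRAP_LEN]
    disk_sig = struct.unpack("<I", sector[440:444])[0]
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        if ptype != 0:  # type 0 means an empty slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, known_good_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != known_good_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR image around the given bootstrap bytes
    (one NTFS-type bootable partition starting at LBA 2048). Test data only."""
    bootstrap = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)  # constructed disk signature
    reserved = b"\x00\x00"
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    table = entry + b"\x00" * 48           # remaining three slots empty
    return bootstrap + disk_sig + reserved + table + BOOT_SIGNATURE


# Constructed baseline: a stub standing in for the clean bootstrap code.
BASELINE_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xeb\xfe")
BASELINE_HASH = hashlib.sha256(BASELINE_MBR[:BOOTSTRAP_LEN]).hexdigest()

# Constructed "modified" sector: same partition table, different bootstrap bytes.
TAMPERED_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd8\xbe\x00\x7c\xeb\xfe")


if __name__ == "__main__":
    # On a real system the sector would be read from the raw device (for example
    # \\.\PhysicalDrive0 on Windows) from clean boot media, since a live rootkit
    # can filter disk reads made from the infected OS.
    for name, sector in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH) or ["OK"])
```

The baseline hash would normally be recorded when the machine is known clean, and the comparison should be run from trusted boot media rather than from inside the possibly infected Windows installation, since the rootkit can hide the modified sector from reads made through the compromised OS.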

Manual removal of a BOO/TDss.O infection is impractical, and nearly impossible without advanced computer knowledge. As is the case with many boot sector rootkits, it is also difficult to ascertain whether BOO/TDss.O has been removed entirely without wiping the infected computer's hard drive and reinstalling Windows. ESG security researchers recommend using a specialized tool for removing TDSS variants and then using an advanced anti-malware application to perform a complete scan of the infected computer.
