Boot.tidser.b
Boot.tidser.b is a detection for a variant of the Tidserv Trojan that is able to infect 64-bit Windows operating systems. Boot.tidser.b targets the Master Boot Record (MBR) of the affected computer. The MBR is replaced with a malicious version, which may result in system crashes. The infected MBR hooks BIOS functions, which in turn patch the Windows kernel as it is launched. The patched kernel then starts a malicious driver from Tidserv's encrypted file system, which is located at the end of the disk. The threat thereby bypasses the protection mechanisms present on the system and is able to install itself as a rootkit. Boot.tidser.b is a serious threat that needs to be removed from the infected computer as quickly as possible.
File System Details
Boot.tidser.b may create the following file(s):
# | File Name | Detections
---|---|---
1. | %AppData%\WXZVMXG2LZ.exe |
2. | %PROGRAM_FILES%\ BackdBoot.Tidserv\Boot.Tidserv |
3. | %AppData%\data.dat |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Registry Details
Boot.tidser.b may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6965428F-326F-2F86-CBFE-CFEE09BE6BBD}
HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6965428F-326F-2F86-CBFE-CFEE09BE6BBD}
HKEY_LOCAL_MACHINE\Software\Boot.Tidserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer