Rootkit.TDSS

Rootkit.TDSS Description

The TDSS Rootkit has become extremely widespread since TDSS Rootkit's beginnings in 2008. PC security analysts indicate that this rootkit presents exceptional difficulties for TDSS Rootkit's study and treatment because of TDSS Rootkit's very nature. The TDSS Rootkit infects drivers, meaning that TDSS Rootkit is loaded before the operating system itself. This implies an infection that is very deep and very challenging to remove. Usually, specialized tools are needed to detect and remove the TDSS Rootkit from an infected computer system.

The History of the TDSS Rootkit


The first versions of the TDSS Rootkit are known as TDL-1 or Rootkit.Win32.Clbd.a, because of TDSS Rootkit's ability to infect the driver clbdriver-sys and the clbdll.dll DLL file. Some parts of the original TDSS Rootkit remain in today's newest versions of this extremely dangerous infection. TDL-1 has the capability of hiding itself and other files, executing high-level functions, and injecting malicious code. The TDSS Rootkit also protects itself by displaying an error message reading "STATUS_TOO_MANY_SECRETS" when trying to open the directories needed to remove this rootkit.

The next version of the TDSS Rootkit, TDL-2 made its appearance in spring of 2009. Its main feature is that the rootkit was encrypted to make it much harder for security researchers to analyze TDSS Rootkit. The hackers behind the TDSS Rootkit also included random segments from Shakespeare's Hamlet to confuse researchers further.

In the autumn of 2009, the next generation of the TDSS Rootkit started appearing. Security researchers indicate that the TDL-3 generation of the TDSS Rootkit is particularly malignant and especially hard to remove. The main trouble with TDL-3 is the fact the hackers behind it update TDSS Rootkit constantly. There is a constant arms race between the PC security experts and the hackers; with each advancement in anti-rootkit technology, the hackers release a new update to undo it.

The TDSS Rootkit and Online Scams


Hackers use the TDSS Rootkit to make money through affiliate marketing. While affiliate marketing can be a completely legal activity, the hackers' version of affiliate marketing involves attracting visitors and unwary victims to infected websites associated with various kinds of malware. The TDSS Rootkit is also strongly related to large botnets, typically with a number close to twenty thousand infected computers, which are sold or rented out to criminal organizations. The creators of the TDSS Rootkit are thought to be from the Russian Federation. The TDSS Rootkit botnets have been used for a wide range of criminal activities, from DDoS attacks to sending massive amounts of spam emails.
Aliases: DNSChanger!dd [McAfee+Artemis], Generic Trojan [Panda], Trojan.Agent.ATV [CAT-QuickHeal], Trojan/Olmarik.sr [TheHacker], Trojan.Alureon.MIZ [VirusBuster], a variant of Win32/Olmarik.SR [NOD32], Win32:Jifas-DT [Avast], Trojan.Generic.3238155 [BitDefender], TR/Agent.42496.27 [AntiVir], BKDR_TIDIES.SMA [TrendMicro], Mal/Generic-A [Sophos], Hacktool.Rootkit [Symantec], Generic16.BRWH [AVG], TR/Crypt.XPACK.Gen3 [AntiVir] and Win32/ASuspect.HGOJO [eTrust-Vet].

Infected with Rootkit.TDSS? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Rootkit.TDSS

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Rootkit.TDSS outbreaks and other threats from global to local level.

File System Details

Rootkit.TDSS creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\PRAGMAixjipouowq\PRAGMAd.sys 44,544 4a2dccdd2a14acce0dc2bcfc01b01b15 46
2 %WINDIR%\System32\drivers\_VOIDhrotxiltat.sys 42,496 89b56f6143f7c1ad44cd10f46700b9da 31
3 %WINDIR%\system32\diskchk.sys 2,432 e94d859753bb68f113b88e8b78607776 11
4 %WINDIR%\system32\tcppid.sys 2,304 c72311b8d604a3e3e9b36df733f30843 7
5 %WINDIR%\system32\isaxbox.sys 2,304 5a7eef7dcdae6912afe7f50983d5520f 5

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 6 + 10 ?