TDL3 Rootkit

By Domesticus in Rootkits

TDL3 Rootkit Description

TDL3 Rootkit is a variant of the TDSS rootkit (also known as Alureon), a family of rootkits for the Windows operating system that drops further malware onto the affected PC. TDL3 Rootkit also distributes and displays pop-up advertisements on the computer and blocks legitimate applications from running. It corrupts the targeted PC by replacing hard disk drivers with malicious versions. Once installed, TDL3 Rootkit hides itself from Windows and from security programs while downloading and running other malware and serving advertisements. It hides its files and services on the infected system, redirects Google search results to suspicious websites, blocks access to security-related websites, and slows down the Internet connection. Because of this concealment, many anti-virus products have difficulty detecting and removing TDL3 Rootkit.

Type: Rootkits

How Can You Detect TDL3 Rootkit?

TDL3 Rootkit Removal Details

TDL3 Rootkit typically has the following files (DLLs and drivers) loaded in memory:

  • C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll
  • C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
  • C:\WINDOWS\system32\uacinit.dll
  • C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll
  • C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys
  • C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll
  • C:\WINDOWS\SYSTEM32\4DW4R3c.dll
  • C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys

TDL3 Rootkit creates the following files in the system:

  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat
  • C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
  • %Temp%\UAC[RANDOM CHARACTERS].tmp
  • C:\WINDOWS\system32\uactmp.db
  • C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
  • C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp
  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db
  • C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat
  • C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
  • %Temp%\_VOID[RANDOM CHARACTERS].tmp

TDL3 Rootkit creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
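As an added example that is not part of this article, the indicator lists above turned into a matching routine: it converts the page's `[RANDOM CHARACTERS]` placeholder into a regex and runs the patterns over a file and registry listing. Because the rootkit hides its files and services from Windows on the live system, the listing should come from an offline source (the disk mounted in a rescue environment or an exported hive); the sample listing below is constructed.

```python
import re

# Indicators in the page's own notation; "[RANDOM CHARACTERS]" stands for a
# per-infection random string. Subset of the lists above, for brevity.
FILE_INDICATORS = [
    r"C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll",
    r"C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys",
    r"C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll",
    r"C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys",
    r"C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp",
]
REGISTRY_INDICATORS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys",
]

def indicator_to_regex(indicator):
    """Compile one indicator into an anchored, case-insensitive regex.
    The placeholder becomes 'one or more non-separator characters', so a
    pattern can never spill into a parent or child directory."""
    literal_parts = indicator.split("[RANDOM CHARACTERS]")
    body = r"[^\\]+".join(re.escape(part) for part in literal_parts)
    return re.compile("^" + body + "$", re.IGNORECASE)

def scan(entries, indicators):
    """Return {entry: [matching indicators]} for every entry that hits.
    'entries' are full paths or registry key names from an offline listing;
    a listing taken on the infected system itself is filtered by the rootkit."""
    compiled = [(ind, indicator_to_regex(ind)) for ind in indicators]
    hits = {}
    for entry in entries:
        matched = [ind for ind, rx in compiled if rx.match(entry)]
        if matched:
            hits[entry] = matched
    return hits

# Constructed sample listing (not from a real system): clean entries mixed
# with names shaped like the indicators above.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\_VOIDkjwq.dll",
    r"C:\WINDOWS\system32\drivers\uacabcd.sys",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys",
]
SAMPLE_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDkjwq",
]
```

A hit is a lead for further inspection, not proof on its own: the `UAC` and `_VOID` prefixes are short, so confirm with the matching service key and driver before acting.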

This entry was last updated on 07/18/12 and posted on 07/18/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.