Loading ...|
|
Tweet |  More |
TDSServ Description
TDSServ is a Trojan that corrupts vulnerable computers via malicious downloads. TDSServ exploits the security weaknesses of the Windows and distributes rogue anti-spyware and anti-virus programs to the targeted computer. TDSServ allows attackers to gain remote access and control over the compromised PCs; therefore, TDSServ can steal tour personal information and use it for malicious actions. TDSServ can also disable legitimate security applications on the infected computer system. TDSServ may delete files, slow down computer and drop other malware infections onto the targeted computer system.
Type: Trojans
How Can You Detect TDSServ?
TDSServ Removal Details
TDSServ has typically the following processes in memory:
- C:\Windows\System32\TDSSl.dll
- C:\Windows\System32\TDSSlog.dll
- C:\Windows\System32\TDSSinit.dll
- C:\Windows\System32\drivers\TDSSpaxt.sys
- C:\Windows\System32\drivers\TDSS[RANDOM CHARACTERS].sys
- C:\Windows\System32\TDSSpopup.dll
- C:\Windows\System32\TDSSmain.dll
- C:\Windows\System32\drivers\TDSSmqlt.sys
- C:\Windows\System32\TDSS[RANDOM CHARACTERS].sys
- C:\Windows\System32\TDSSserv.sys
- C:\Windows\System32\TDSSadw.dll
- C:\Windows\System32\drivers\TDSSoeqh.sys
TDSServ creates the following files in the system:
- C:\Windows\System32\TDSS[RANDOM CHARACTERS].log
- C:\Windows\System32\TDSSlog.
- C:\Windows\System32\TDSStkdu.log
- C:\Windows\System32\TDSS[RANDOM CHARACTERS].tmp
- C:\Windows\System32\TDSSerrors.log
- C:\Windows\System32\TDSStkdv.log
- C:\Windows\System32\TDSSproc.log
- C:\Windows\System32\TDSS[RANDOM CHARACTERS].dat
- C:\Windows\System32\TDSSservers.dat
- C:\Windows\System32\TDSSosvn.dat
- C:\Windows\System32\TDSSkkai.log
TDSServ creates the following registry entries:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSServ.sys
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\”type” = “popup”
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\version
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata\”affid” = “39″
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\”serversdown” = “1″
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\”build” = “standart”
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\disallowed
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSServ
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\injector
- HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata\”asubid” = “v2test7″
Important Article Disclaimer
This entry was last updated on 07/26/12 and posted on 07/26/12.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
TDSServ
Leave a Comment
Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.