Backdoor.TDSS Description

Backdoor.TDSS is a malicious parasite that operates covertly and may be associated with the rogue anti-spyware application Antivirus 2009. Backdoor.TDSS is typically downloaded and installed onto your computer through vulnerabilities in the security software. Once inside your system, Backdoor.TDSS embeds itself into the registry to open unsecured remote access, allowing an outside party to reach your computer and all personal information stored on it.

Aliases: Trojan/Win32.Hiloti [AhnLab-V3], TrojanDownloader.Mufanom.hqd, Gen:Variant.Hiloti.1 [BitDefender], Hiloti.gen.e [McAfee], Hiloti.BC [AVG], TrojanDownloader.Mufanom.hdk, Trojan.Win32.Hiloti [Ikarus], TrojanDownloader.Mufanom.hgy, Trojan.Win32.Hiloti!IK, Hiloti.BD [AVG], Trojan.Hiloti [Ikarus], Trojan.Win32.Hiloti.aa (v) [Sunbelt], TrojanDownloader.Mufanom.hgc, Win32/FakeAV.I!generic [eTrust-Vet] and Trojan.Hiloti!IK.

Technical Information

File System Details

Backdoor.TDSS creates the following file(s):

Registry Details

Backdoor.TDSS creates the following registry entry or registry entries:
Regexp file mask
%SystemRoot%\System32\TDSS[RANDOM CHARACTERS].dat
%SystemRoot%\System32\TDSS[RANDOM CHARACTERS].dll
