Rootkit.TDSS

Rootkit.TDSS Description

The TDSS Rootkit has become extremely widespread since TDSS Rootkit's beginnings in 2008. PC security analysts indicate that this rootkit presents exceptional difficulties for TDSS Rootkit's study and treatment because of TDSS Rootkit's very nature. The TDSS Rootkit infects drivers, meaning that TDSS Rootkit is loaded before the operating system itself. This implies an infection that is very deep and very challenging to remove. Usually, specialized tools are needed to detect and remove the TDSS Rootkit from an infected computer system.

The History of the TDSS Rootkit

The first versions of the TDSS Rootkit are known as TDL-1 or Rootkit.Win32.Clbd.a, because of TDSS Rootkit's ability to infect the driver clbdriver-sys and the clbdll.dll DLL file. Some parts of the original TDSS Rootkit remain in today's newest versions of this extremely dangerous infection. TDL-1 has the capability of hiding itself and other files, executing high-level functions, and injecting malicious code. The TDSS Rootkit also protects itself by displaying an error message reading "STATUS_TOO_MANY_SECRETS" when trying to open the directories needed to remove this rootkit.

The next version of the TDSS Rootkit, TDL-2 made its appearance in spring of 2009. Its main feature is that the rootkit was encrypted to make it much harder for security researchers to analyze TDSS Rootkit. The hackers behind the TDSS Rootkit also included random segments from Shakespeare's Hamlet to confuse researchers further.

In the autumn of 2009, the next generation of the TDSS Rootkit started appearing. Security researchers indicate that the TDL-3 generation of the TDSS Rootkit is particularly malignant and especially hard to remove. The main trouble with TDL-3 is the fact the hackers behind it update TDSS Rootkit constantly. There is a constant arms race between the PC security experts and the hackers; with each advancement in anti-rootkit technology, the hackers release a new update to undo it.

The TDSS Rootkit and Online Scams

Hackers use the TDSS Rootkit to make money through affiliate marketing. While affiliate marketing can be a completely legal activity, the hackers' version of affiliate marketing involves attracting visitors and unwary victims to infected websites associated with various kinds of malware. The TDSS Rootkit is also strongly related to large botnets, typically with a number close to twenty thousand infected computers, which are sold or rented out to criminal organizations. The creators of the TDSS Rootkit are thought to be from the Russian Federation. The TDSS Rootkit botnets have been used for a wide range of criminal activities, from DDoS attacks to sending massive amounts of spam emails.

Aliases: DNSChanger!dd [McAfee+Artemis], Generic Trojan [Panda], Trojan.Agent.ATV [CAT-QuickHeal], Trojan/Olmarik.sr [TheHacker], Trojan.Alureon.MIZ [VirusBuster], a variant of Win32/Olmarik.SR [NOD32], Win32:Jifas-DT [Avast], Trojan.Generic.3238155 [BitDefender], TR/Agent.42496.27 [AntiVir], BKDR_TIDIES.SMA [TrendMicro], Mal/Generic-A [Sophos], Hacktool.Rootkit [Symantec], Generic16.BRWH [AVG], TR/Crypt.XPACK.Gen3 [AntiVir] and Win32/ASuspect.HGOJO [eTrust-Vet].

Infected with Rootkit.TDSS? Scan Your PC

Download SpyHunter's Spyware Scanner
to Detect Rootkit.TDSS * SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Rootkit.TDSS creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\PRAGMAixjipouowq\PRAGMAd.sys 44,544 4a2dccdd2a14acce0dc2bcfc01b01b15 46
2 %WINDIR%\System32\drivers\_VOIDhrotxiltat.sys 42,496 89b56f6143f7c1ad44cd10f46700b9da 31
3 %WINDIR%\system32\diskchk.sys 2,432 e94d859753bb68f113b88e8b78607776 11
4 %WINDIR%\system32\tcppid.sys 2,304 c72311b8d604a3e3e9b36df733f30843 7
5 %WINDIR%\system32\isaxbox.sys 2,304 5a7eef7dcdae6912afe7f50983d5520f 5

Site Disclaimer

(25 votes, average: 2.76 out of 5)
Loading...Loading...
User Rating:
By GoldSparrow in Rootkits
Translate To: Português
Share:
Threat Scorecard
?
The ESG Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESG Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESG Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESG Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESG Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular PC threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected PCs: The number of confirmed and suspected cases of a particular threat detected on infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected PCs of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows PC users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 8
Infected PCs: 274
% Change 30 Days:
0%
7 Days:
0%
1 Day:
-9%

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 8 + 7 ?