
TDL3 Rootkit

By Domesticus in Rootkits

The TDL3 Rootkit represents the third generation of the TDSS Rootkit, an extremely sophisticated infection that has infected millions of computers all around the world. Like the original TDSS Rootkit, the TDL3 Rootkit can hijack Internet browsing and search results, cause random crashes and "blue screens of death", and make a computer system unstable and unresponsive. Most importantly, the TDL3 Rootkit offers hackers a way into your computer, which can turn it into a node in a botnet or expose it directly to various kinds of malware. PC security researchers recommend that the TDL3 Rootkit be removed with specialized security programs, because the TDL3 Rootkit infects a computer at its deepest levels, which makes it very difficult to remove effectively.

The TDL3 Rootkit, an Invisible Threat on Your Computer

The TDL3 Rootkit is one of the most insidious infections on the Internet. One of the reasons for the huge number of computers infected by the TDL3 Rootkit is that even fully updated anti-virus programs may not be enough to remove it. The TDL3 Rootkit infects drivers, and in doing so it can also corrupt critical Windows components, like the Master Boot Record kernel. This allows the TDL3 Rootkit to run without appearing in Windows Task Manager and to create directories, files, and folders that are hidden from view. Some anti-virus programs may not be able to detect a TDL3 Rootkit infection directly, but may report a large number of corrupted files with the extension ".sys". This may also indicate a TDL3 Rootkit infection, since this rootkit is known for corrupting system drivers.

How to Know Whether Your Computer is Infected by the TDL3 Rootkit

Even though the TDL3 Rootkit does not show up in many anti-virus programs, it has easily recognizable symptoms. Security analysts point to search engine hijacks as one of the main symptoms of this rootkit infection. For example, clicking on a result from a search on a search engine may redirect you to a completely different website, usually an unsafe one with the potential for further malware infections. This kind of redirection may also happen when entering a URL manually into the address bar. Redirection is also a symptom of some viruses; however, the TDL3 Rootkit can additionally block computer security websites and prevent you from using your anti-malware programs.

File System Details

TDL3 Rootkit may create the following file(s):
1. C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll
2. C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys
3. C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
4. C:\WINDOWS\system32\uacinit.dll
5. C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll
6. C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys
7. C:\Documents and Settings\\Application Data\_VOIDmainqt.dll
8. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll
9. C:\WINDOWS\SYSTEM32\4DW4R3c.dll
10. C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys
11. C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys
12. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat
13. C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
14. %Temp%\UAC[RANDOM CHARACTERS].tmp
15. C:\WINDOWS\system32\uactmp.db
16. C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
17. C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp
18. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db
19. C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat
20. C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
21. %Temp%\_VOID[RANDOM CHARACTERS].tmp

Registry Details

TDL3 Rootkit may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
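The file-system and registry details above are most useful when turned into a repeatable check. The following Python script is an added example, not code from the original page or from any security vendor: it encodes the listed file-name families (`_VOID…`, `UAC…`, `4DW4R3…`), the `_VOID[RANDOM CHARACTERS]` directory and the four service names as regular expressions, and classifies file paths and `Services` registry key names against them. The sample paths and service names are constructed for the demonstration; `[RANDOM CHARACTERS]` is modelled as any run of alphanumerics, which is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Indicator families derived from the file-system details listed on this page.
# "[RANDOM CHARACTERS]" is modelled as zero or more alphanumerics (assumption).
# The _VOID pattern also covers "_VOID[RANDOM CHARACTERS]tmp" (no dot) and
# the UAC pattern covers uacinit.dll / uactmp.db, since re.I ignores case.
FILE_INDICATORS = {
    "_VOID": re.compile(r"^_VOID[0-9a-z]*(\.(dll|sys|dat|tmp)|tmp)$", re.I),
    "UAC": re.compile(r"^UAC[0-9a-z]*\.(dll|sys|dat|db|tmp)$", re.I),
    "4DW4R3": re.compile(r"^4DW4R3[0-9a-z]*\.(dll|sys|dat)$", re.I),
}
# The page also lists a directory C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
DIR_INDICATOR = re.compile(r"^_VOID[0-9a-z]*$", re.I)

# Service key names from the registry details on this page.
SERVICE_INDICATORS = {
    "4DW4R3": re.compile(r"^4DW4R3$", re.I),
    "_VOID": re.compile(r"^_VOID[0-9a-z]*(\.sys)?$", re.I),
    "UAC": re.compile(r"^UACd\.sys$", re.I),
}


def classify_path(path: str):
    """Return the indicator family a Windows file path matches, or None."""
    p = PureWindowsPath(path)
    for family, pattern in FILE_INDICATORS.items():
        if pattern.match(p.name):
            return family
    # A file of any name inside a _VOID... directory is also an indicator.
    if any(DIR_INDICATOR.match(part) for part in p.parts[:-1]):
        return "_VOID"
    return None


def classify_service(key_or_name: str):
    """Return the indicator family a service key (full path or leaf name) matches, or None."""
    leaf = key_or_name.rsplit("\\", 1)[-1]
    for family, pattern in SERVICE_INDICATORS.items():
        if pattern.match(leaf):
            return family
    return None


def scan(paths, service_keys):
    """Classify every path and service key; return the hits grouped by kind."""
    hits = {"files": [], "services": []}
    for path in paths:
        family = classify_path(path)
        if family:
            hits["files"].append((family, path))
    for key in service_keys:
        family = classify_service(key)
        if family:
            hits["services"].append((family, key))
    return hits


# Constructed sample data: a mix of page-style indicator names and benign entries.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\drivers\_VOIDq7x1.sys",
    r"C:\WINDOWS\system32\UACab12cd.dll",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys",
    r"C:\WINDOWS\system32\ntoskrnl.exe",            # benign
    r"C:\WINDOWS\_VOIDz9\_VOIDd.sys",
    r"C:\Users\alice\AppData\Local\Temp\UAC8f.tmp",  # %Temp% location
    r"C:\WINDOWS\system32\drivers\atapi.sys",       # benign
]
SAMPLE_SERVICES = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3",
    "_VOIDk2m",
    "atapi",     # benign
    "UACd.sys",
    "Tcpip",     # benign
]

if __name__ == "__main__":
    result = scan(SAMPLE_PATHS, SAMPLE_SERVICES)
    for kind, entries in result.items():
        for family, item in entries:
            print(f"{kind}: [{family}] {item}")
```

Because a running TDL3 Rootkit hides its files and registry entries from the infected Windows session, as the page notes, the input to `scan` should come from an offline view of the disk and registry hives (a recovery environment or a mounted image) rather than from the live system; an empty result from inside the infected session proves nothing.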
