TDL3 Rootkit

TDL3 Rootkit Description

The TDL3 Rootkit represents the third generation of the TDSS Rootkit, an extremely sophisticated infection that has infected millions of computers around the world. Like the original TDSS Rootkit, the TDL3 Rootkit can hijack Internet browsing and search results, cause random crashes and "blue screens of death", and make a computer system unstable and unresponsive. Most importantly, the TDL3 Rootkit offers hackers a way into your computer, which they can turn into a node in a botnet or attack directly with various kinds of malware. PC security researchers recommend that the TDL3 Rootkit be removed with specialized security programs, because it infects a computer at its deepest levels, making it very difficult to remove effectively.

The TDL3 Rootkit, an Invisible Threat on Your Computer

The TDL3 Rootkit is one of the most insidious infections on the Internet. One of the reasons for the huge number of computers infected with the TDL3 Rootkit is that fully updated anti-virus programs may not be enough to remove it. The TDL3 Rootkit infects drivers, and in this case it can also corrupt very high-level Windows components, like the Master Boot Record kernel. This allows the TDL3 Rootkit to run without being detected in the Windows Task Manager and to create directories, files, and folders that are hidden from view. Some anti-virus programs may not be able to detect a TDL3 Rootkit infection, but may show a large number of corrupted files with the extension ".sys". This may also indicate a TDL3 Rootkit infection, since this rootkit is known for corrupting system drivers.

How to Know Whether Your Computer is Infected by the TDL3 Rootkit

Even though the TDL3 Rootkit does not show up in many anti-virus programs, it has easily recognizable symptoms. Security analysts point to search engine hijacks as one of the main symptoms of this rootkit infection. For example, clicking on a result from a search engine may redirect you to a completely different website, usually an unsafe one with the potential for malware infections. This kind of redirection may also happen when entering a URL manually into the address bar. This is also a symptom of some viruses; however, the TDL3 Rootkit can also block computer security websites and prevent you from using your anti-malware programs.

Do You Suspect Your PC May Be Infected with TDL3 Rootkit & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like TDL3 Rootkit as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open the Firefox, Chrome or Safari browser instead.
  • Use removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer, or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
Still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

TDL3 Rootkit creates the following file(s):
  • C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll
  • C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
  • C:\WINDOWS\system32\uacinit.dll
  • C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll
  • C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys
  • C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll
  • C:\WINDOWS\SYSTEM32\4DW4R3c.dll
  • C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys
  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat
  • C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
  • %Temp%\UAC[RANDOM CHARACTERS].tmp
  • C:\WINDOWS\system32\uactmp.db
  • C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
  • C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp
  • C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db
  • C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat
  • C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
  • %Temp%\_VOID[RANDOM CHARACTERS].tmp

Registry Details

TDL3 Rootkit creates the following registry entry or registry entries:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
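As an added example (not code from this page or from Enigmasoftware), the following Python matcher turns a subset of the file names and service names listed in the File System Details and Registry Details sections into patterns, expanding the page's "[RANDOM CHARACTERS]" placeholder, and checks a file listing or a list of service names against them. Because the rootkit hides its files from the running system, the directory walker is meant to be pointed at a volume mounted offline from a clean boot; the mount letter, the choice of indicators and the sample data are assumptions.

```python
import os
import re
from typing import Iterable

# Indicators copied from the page's File System and Registry Details sections;
# "[RANDOM CHARACTERS]" is the page's own placeholder for a variable name part.
FILE_INDICATORS = [
    r"C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll",
    r"C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys",
    r"C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll",
    r"C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys",
    r"C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp",
]
SERVICE_INDICATORS = ["4DW4R3", "_VOID[RANDOM CHARACTERS]", "_VOIDd.sys", "UACd.sys"]

def indicator_to_regex(indicator: str) -> "re.Pattern":
    """Anchored, case-insensitive regex; the placeholder matches any run of
    characters that stays inside one path element (no backslash)."""
    parts = indicator.split("[RANDOM CHARACTERS]")
    return re.compile("^" + r"[^\\]*".join(map(re.escape, parts)) + "$", re.IGNORECASE)

def match_indicators(candidates: Iterable[str], indicators: list) -> list:
    """Return (candidate, indicator) pairs, one per candidate hitting any indicator."""
    compiled = [(ind, indicator_to_regex(ind)) for ind in indicators]
    hits = []
    for cand in candidates:
        for ind, rx in compiled:
            if rx.match(cand):
                hits.append((cand, ind))
                break
    return hits

def scan_offline_volume(mount_root: str) -> list:
    """Walk a Windows volume mounted at mount_root (e.g. 'E:\\' for a disk taken
    offline) and rewrite its drive prefix to 'C:' so the page's paths compare."""
    prefix = mount_root.rstrip("\\/")
    paths = (os.path.join(d, f) for d, _, files in os.walk(prefix + os.sep) for f in files)
    return match_indicators((p.replace(prefix, "C:", 1) for p in paths), FILE_INDICATORS)

# Constructed sample data (not real captures) so the matcher can be exercised offline.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\_VOIDkq3m9.dll",
    r"C:\WINDOWS\system32\drivers\UACw7x1.sys",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\4dw4r3.sys",
    r"C:\WINDOWS\Temp\UACd83k.tmp",
]
SAMPLE_SERVICES = ["Tcpip", "4DW4R3", "_VOIDmz7", "Dhcp"]
```

Service names for a live system come from the Services key shown above; for an offline disk the SYSTEM hive must be loaded first, which this block does not do.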

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
