TDL4 Rootkit

TDL4 Rootkit Description

The TDSS Rootkit evolves constantly. PC security researchers have issued a warning against the newest variant of the TDSS Rootkit, the TDL4 Rootkit. This new version of the TDSS Rootkit first appeared in the summer of 2010 and updates the TDSS Rootkit's methods so that it can infect computers running 64-bit Windows operating systems. While these 64-bit operating systems offer protection against rootkits, criminals are constantly finding new ways to break these protections. It is particularly worrying that the technology behind the TDL4 Rootkit points toward future malware that is even more difficult to remove than present-day infections. Because of this, anti-malware technologies are now evolving to focus on preventing infection in the first place.

How Hackers Make Money Using the TDL4 Rootkit

Since early 2011, there has been a marked rise in malware threats capable of infecting 64-bit operating systems. As more people start using these operating systems, hackers meet this new demand by releasing sophisticated malware designed to infect 64-bit platforms. The TDL4 Rootkit now gives hackers the ability to infect 64-bit operating systems, opening them up to the various criminal uses associated with the TDSS family of rootkits. These include making money through malware and rogue security programs, blackmailing users with ransomware, and integrating infected computers into large botnets. The TDL4 Rootkit has been associated with a large number of infected computers in the United States, which are particularly lucrative for cybercriminals. Computers in a TDL4 botnet are typically sold or rented to criminal organizations for use in DDoS attacks and for sending spam emails.

Removal of the TDL4 Rootkit

Rootkits in the TDSS family, like the TDL4 Rootkit, are difficult to remove. This is because these rootkits infect a computer system at a very deep level, directly corrupting the computer's drivers. Because of this, PC security researchers recommend using a specialized tool to remove the TDL4 Rootkit. Most importantly, this kind of harmful infection does not come alone. The TDL4 Rootkit is often used in conjunction with Trojans or other kinds of malware. If you have recently removed a malware application from your computer (e.g. adware, Trojans, spyware, worms, or rogue security programs), PC security researchers strongly advise searching for a possible TDL4 Rootkit infection. Computers with a 64-bit Windows operating system are especially vulnerable to the TDL4 Rootkit, as it has been specifically engineered to infect these kinds of systems.

Technical Information

Registry Details

TDL4 Rootkit creates the following registry entry or registry entries:

Registry Key
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
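The service names above can be turned into a simple triage check. The following script is an added example (not code from this page or from any vendor tool): it parses the key list that `reg query HKLM\SYSTEM\CurrentControlSet\Services` prints on Windows and flags any direct child service whose name is one of the listed TDL4 names or fits the `_VOID[RANDOM CHARACTERS]` pattern. The `SAMPLE_REG_QUERY_OUTPUT` block is constructed for the example; the random suffix `x7q3k` is invented and the benign service names are only there as noise.

```python
import re
from typing import Dict, List, Optional

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Exact service names listed on the page as TDL4 registry entries.
KNOWN_TDL4_SERVICES = {"4DW4R3", "_VOIDd.sys", "UACd.sys"}

# The page's "_VOID[RANDOM CHARACTERS]" entry, expressed as a prefix pattern.
# Assumption: the random part is alphanumeric; widen the class if your data differs.
RANDOM_VOID_SERVICE = re.compile(r"^_VOID[0-9A-Za-z]+$")


def service_names_from_reg_query(output: str) -> List[str]:
    """Extract direct child service names from `reg query <root>` style output.

    Only immediate children of SERVICES_ROOT are kept; nested subkeys such as
    ...\\Services\\Dhcp\\Parameters, blank lines and unrelated text are ignored.
    """
    names = []
    prefix = SERVICES_ROOT.lower() + "\\"
    for raw in output.splitlines():
        line = raw.strip()
        if not line.lower().startswith(prefix):
            continue
        rest = line[len(prefix):]
        if not rest or "\\" in rest:
            continue
        names.append(rest)
    return names


def classify_service(name: str) -> Optional[str]:
    """Return the reason a service name looks like a TDL4 indicator, or None."""
    if name.lower() in {n.lower() for n in KNOWN_TDL4_SERVICES}:
        return "exact match to a listed TDL4 service name"
    if RANDOM_VOID_SERVICE.match(name):
        return "matches the _VOID[RANDOM CHARACTERS] pattern"
    return None


def find_tdl4_indicators(output: str) -> Dict[str, str]:
    """Map each suspicious service name in the reg query output to its reason."""
    hits: Dict[str, str] = {}
    for name in service_names_from_reg_query(output):
        reason = classify_service(name)
        if reason is not None:
            hits[name] = reason
    return hits


# Constructed sample of `reg query` output: a few benign services plus the
# page's TDL4 names and one invented _VOID<random> service.
SAMPLE_REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDx7q3k
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
"""

if __name__ == "__main__":
    for service, why in sorted(find_tdl4_indicators(SAMPLE_REG_QUERY_OUTPUT).items()):
        print(f"{SERVICES_ROOT}\\{service}: {why}")
```

On a live machine the output would come from running `reg query` and piping it into `find_tdl4_indicators`. Treat a hit as a reason to run the specialized removal tool the page recommends, and treat a clean result with caution: a kernel-level rootkit can hide its own keys from user-mode enumeration, so an empty match list does not prove the system is uninfected.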

One Comment

  • Titan:

    I've learned a few excellent things here. Certainly worth bookmarking for revisiting. I'm surprised how much effort you put into creating this sort of fantastic, informative website.
