
Recommendation to Automatically remove Rootkit.TDSS


Our products can remove Rootkit.TDSS and thousands of other viruses and spyware automatically and instantly.

Rootkit.TDSS Details


  • Category: Rootkit
  • Discovered: 2/12/2009 11:17:09 AM
  • Modified: 8/9/2023 3:10:10 PM
  • Threat Level: Critical
  • Category Description:
    A rootkit is a collection of tools (programs) that enable administrator-level (root) access to a computer or computer network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. Rootkits are usually hidden and difficult to clean because they embed themselves deeply within the Registry and system files.

The following Files were created:

The following Registry Entries were created:
..\Software\Classes\globalview\(Default)
..\Software\Microsoft\Windows\CurrentVersion\Run\\"systemguard"\"%DAS.AU.LS%\Temp\5FF1782F.EXE"
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\intav_is1\(Default)
..\Software\Microsoft\Windows\CurrentVersion\Run\\"Internet Antivirus Pro"\"%PF%\\Internet Antivirus Pro\IAPro.exe" /s "
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE\(Default)

Notice
Please note that the following information is not controlled or endorsed by Max Secure Software. It is captured automatically by tools in our malware Research Lab as a result of executing spyware files or browsing the Internet in a virtual environment. Please contact us if you find any information inappropriate and want it removed. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Antivirus. We do not recommend browsing or removing these entries manually on your own. We give no warranty regarding the use, or the result of the use, of this information.


Max Total Security can detect & quarantine this Malware