Home / Spyware Encyclopedia / Rootkit.TDSS << Back

Recommendation to Automatically remove Rootkit.TDSS


Our products can remove Rootkit.TDSS and thousands of other Virus and Spyware automatically and instantly.

Rootkit.TDSS Details


  • Category Rootkit
  • Discovered 5/14/2009 4:01:39 PM
  • Modified 9/5/2024 12:13:03 PM
  • Threat Level Critical
  • Category Description
    A Rootkit is a collection of tools (programs) that enable administrator-level (root) access to a computer or computer network. A Rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. They are usually hidden and difficult to clean as they ingranulate deeply within the Registry and system files.

The following Files were created:
VALUEFILESIZECOMPANYNAMEVERSIONSIGNATUREDate
IETimber.dll 193912????????1.0.0.136c56c0f69df06f8184d3ef0b96b907c 
IAPro.exe 1286656 1.0.1.809349790722815e3fab3a3c839e42ddaeb 
IAPro.exe 1319424 1.0.1.801c0ed71f5b9e515d1d04db00377a9ca2f 
IAPro.exe 1319424 1.0.1.800e76337a0b2cd7b93c5a1aca9ca7700ca 
IV.EXE 35328  ff65beed59e02104281319e36e7b7c02 
3EBBFA9D.DLL 25088  fdfe15a4a75a344d967595a9be6be91f 
C5BCFC8B.EXE 27648  fd9b0566978f4198a07d3f1caeb3ba50 
35cf37aa.exe 126976  fcf5794eebe1cc042febbb2780adf516 
6A100BCA.EXE 30720  fcdaa9f763ca24548eb5021fa322d75b 
4DA01BB5.DLL 9082  fb99104e941a27c0f41dd399cd8aeba1 

The following Registry Entries were created:
..\Software\Classes\globalview\(Default)
..\Software\Microsoft\Windows\CurrentVersion\Run\\"systemguard"\"%DAS.AU.LS%\Temp\5FF1782F.EXE"
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\intav_is1\(Default)
..\Software\Microsoft\Windows\CurrentVersion\Run\\"Internet Antivirus Pro"\"%PF%\\Internet Antivirus Pro\IAPro.exe" /s "
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE\(Default)

Notice
Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically by tools in our malware Research Lab as a result of executing Spyware Files or browsing Internet in virtual environment. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Antivirus. We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.

Home / Malware Encyclopedia << Back

Max Total Security can detect & quarantine this Malware


Useful Links

Copyright © 2022 Max Secure Software. All rights reserved.