Sunday, March 7, 2010

TDSS TROJAN REMOVAL


TDSS is a complex piece of malware discovered on November 26, 2009. Its technical detection name is TDss.ZR. Its spreading speed is rated medium, but it causes high damage, and samples are found in variable sizes.

EFFECTS OF TDSS TROJAN

It performs the following actions upon execution:

  • Creates a copy of itself in the “%windir%\System32\spool\PRTPROCS\W32X86\” directory under the name “[random-number].tmp” and modifies the headers of the copy by setting the attributes of a DLL;
  • Creates a driver file in the “%windir%\Temp\” directory under the name “[random-number].tmp”;
  • Creates a copy of itself in the “%Temp%” directory under the name “[random-number].tmp”;
  • Injects code into the “spoolsv.exe” process in order to run with higher privileges; this code loads the dropped driver;
  • The injected code also communicates with servers such as https://h4356***.cn, https://h9237***.cn and https://212.117.174.***, making the computer part of a botnet; from then on it can download files, execute them and perform many other malware-related actions;
  • Browser redirection and increased network activity are visible side effects.
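The header manipulation described above (a numeric “.tmp” file that is really a DLL) is something a defender can check for directly. The following Python triage script is an added example, not code from the original post: it scans the three drop directories named in the list for “[digits].tmp” files whose contents are a PE image with the IMAGE_FILE_DLL characteristic set. The directory paths come from the post; the file-name pattern and PE parsing are my own assumptions about how to detect that behaviour.

```python
# Triage check for the TDSS drop pattern: numeric "[random-number].tmp" files in
# the spooler print-processor and Temp directories whose contents are a PE image
# flagged as a DLL. Added example; directory names follow the blog post.
import os
import re
import struct
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # Characteristics flag in IMAGE_FILE_HEADER
NUMERIC_TMP = re.compile(r"^\d+\.tmp$", re.IGNORECASE)

# Drop locations named in the post; %windir% / %Temp% are expanded at run time.
SUSPECT_DIRS = [
    r"%windir%\System32\spool\PRTPROCS\W32X86",
    r"%windir%\Temp",
    r"%Temp%",
]


def pe_is_dll(data: bytes) -> bool:
    """True if `data` starts a PE image whose Characteristics has IMAGE_FILE_DLL set."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of IMAGE_NT_HEADERS
    # 4-byte "PE\0\0" signature followed by the 20-byte IMAGE_FILE_HEADER
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    # Characteristics is the last WORD of IMAGE_FILE_HEADER (offset 18 within it)
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return bool(characteristics & IMAGE_FILE_DLL)


def is_suspect_name(name: str) -> bool:
    """Matches the "[random-number].tmp" naming used by the dropper."""
    return NUMERIC_TMP.match(name) is not None


def scan_dir(directory) -> list:
    """Return paths in `directory` with a numeric .tmp name AND a DLL PE header."""
    hits = []
    d = Path(directory)
    if not d.is_dir():
        return hits  # missing directory is simply "no findings"
    for p in sorted(d.iterdir()):
        if p.is_file() and is_suspect_name(p.name):
            try:
                with p.open("rb") as fh:
                    head = fh.read(4096)  # PE headers live at the start of the file
            except OSError:
                continue  # locked or unreadable file; skip rather than abort the scan
            if pe_is_dll(head):
                hits.append(str(p))
    return hits


def scan_all(dirs=SUSPECT_DIRS) -> list:
    return [h for d in dirs for h in scan_dir(os.path.expandvars(d))]


if __name__ == "__main__":
    for hit in scan_all():
        print("DLL disguised as .tmp:", hit)
```

A hit is a lead for quarantine and hash lookup, not proof of infection on its own; a legitimate print processor would not normally be dropped as a numeric “.tmp” file.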

HOW TO REMOVE TDSS TROJAN
It is recommended to install the latest antivirus with up-to-date signatures to protect your PC.
Bitdefender may be suitable for removing this virus.
