Danger level 8
Type: Trojans
Common infection symptoms:
  • Shows commercial adverts
  • Normal system programs crash immediately
  • System crashes
  • Can't change my homepage
  • Slow Computer

Backdoor.TDSS

If you think that your system is acting in an unusual way, it is highly likely that Backdoor.TDSS is getting ready to attack your system at full power. This sinister Trojan can reach your Windows system in various ways, but you are most likely to catch it via an encrypted download or an infected USB device. The cyber criminals behind Backdoor.TDSS and all of its components use this detrimental Trojan as a tool to copy your files, steal your sensitive information and fool you with non-existent threats.
Well-known rogue antispyware programs such as Doctor Antivirus and Antivirus 2009 are known to be carried by the Backdoor.TDSS Trojan, so if you notice any strange computer scanners with such names, know that you are infected with malware which is only after your money! If you have not yet encountered such tools, it will not be long before your system becomes beleaguered with them, so hurry up and find a way to remove Backdoor.TDSS from your system!

A Trojan is a type of malware that intimidates all PC users, but what most people do not know about this vicious application is that examples such as Backdoor.TDSS carry multiple malignant files behind a single name. In reality, the infection's different components are essential to keeping it running smoothly, and the first step in removing Backdoor.TDSS is detecting and deleting all of its malignant files. To see how the different components work together, consider how four simple executable files can crash your system in no time!

• Winlogon.exe is responsible for adding the infection's RUN key to Windows start-up, so that Backdoor.TDSS launches right after you turn on your PC. This malignant component can also restrict access to Registry Editor, which makes it difficult for you to remove Backdoor.TDSS's processes.
• Serices.exe is the executable which modifies your system's security settings and takes away your access to real information, as all legitimate alerts and notifications are stopped or prevented from being displayed. Moreover, your Windows Updates are disabled, so that your system loses any possible protection.
• Once Backdoor.TDSS is hidden from security detection, installer.exe hijacks existing processes, copies and deletes files, connects to the Internet (without your knowledge), installs a BHO (browser helper object) to record your browsing habits, creates Internet Explorer file extensions and connects to remote systems.
• Because of what the aforementioned files do, svchost.exe, another Backdoor.TDSS component, is able to use your accounts and details to spread the infection through spam emails or web chats linked to your PC. The Trojan also infects your USB ports to spread the infection through removable devices.
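
The registry side of the behaviours listed above can be checked offline from a `reg export` text file. The following is an added example, not code from the original page: it flags Run values that launch a file named like a core Windows process, a non-zero `DisableRegistryTools` policy value (assumed here to be how Registry Editor access is restricted; the page does not name the value), and lists every BHO CLSID for review. The sample export, the function names and the all-zero CLSID are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format; not taken from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"loader"="C:\\Users\\u\\AppData\\Local\\Temp\\winlogon.exe"
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
'''

# Core Windows processes are started by the OS itself, never from a Run value.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "svchost.exe"}
RUN = r"\microsoft\windows\currentversion\run"
POLICY = r"\microsoft\windows\currentversion\policies\system"
BHO = "\\explorer\\browser helper objects\\"

def parse_reg(text):
    """Yield (key, value_name, raw_data); value_name is None for a key header."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def image_name(data):
    """Lower-cased executable file name from a quoted REG_SZ command line."""
    cmd = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping of \ and "
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
    return exe.rsplit("\\", 1)[-1].lower()

def audit(text):
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if BHO in k:  # list every BHO CLSID for manual review
                findings.append(("bho-review", key.rsplit("\\", 1)[-1]))
        elif k.endswith(RUN) and data[:1] == '"' and image_name(data) in SYSTEM_NAMES:
            findings.append(("run-masquerade", name))
        elif (k.endswith(POLICY) and name.lower() == "disableregistrytools"
              and re.fullmatch(r"dword:0*[1-9a-f][0-9a-f]*", data.lower())):
            findings.append(("regedit-disabled", key.split("\\", 1)[0]))
    return findings
```

A BHO finding is a prompt to look up the CLSID, not a verdict, and unquoted Run paths that contain spaces are only matched on their first token.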

Backdoor.TDSS is composed of all these malignant files in order to carry out a fast and latent attack, after which you would not even realize that your system had been attacked by highly dangerous malware. Nonetheless, Backdoor.TDSS and the Doctor Antivirus or Antivirus 2009 it carries are highly dangerous, and if you treat any of them as low-risk threats, you will soon regret trusting programs which simply drain your money and leave your details exposed to cyber criminals. To keep this from happening to you, remove Backdoor.TDSS as soon as possible, and to do this trust legitimate AV tools, because only they will be able to delete the cunning Trojan.


How to manually remove Backdoor.TDSS

Files associated with Backdoor.TDSS infection:


Backdoor.TDSS DLLs to remove:


Backdoor.TDSS processes to kill:


Remove Backdoor.TDSS registry entries:


Comments

  1. Stephan Verrips Apr 24, 2011

    And the MBR? BackDoor.Tdss.4005 has infected my MBR?
