Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Shows commercial adverts
  • Normal system programs crash immediatelly
  • System crashes
  • Cant change my homepage
  • Slow Computer

Backdoor.TDSS

If you think that your system is acting in an unusual way, it is highly likely that Backdoor.TDSS is getting ready to attack your system in full-power. This sinister Trojan can travel to your Windows system in various invasion ways, but it is highly likely to catch it via an encrypted download or an infected USB device. Cyber criminals, behind Backdoor.TDSS and all of its components, will use this detrimental Trojan as a tool to copy your files, steal your sensitive information and fool you with non-existent threats.
Such famous rogue antispywares as Doctor Antivirus and Antivirus 2009 are known to be carried by Trojan Backdoor.TDSS, so if you notice any strange computer scanners with such names, know that you are infected with malware, which is only after your money! If you have not yet encountered such tools, it will not take much longer before your system becomes beleaguered with them, so hurry up and find a way to remove Backdoor.TDSS from your system!

A Trojan is a type of malware, which intimidates all PC users, but what most people do not know about this vicious application, is that such examples as Backdoor.TDSS carry multiple malignant files behind one single name. In reality, different infection’s components are highly important for smooth infection’s running, and the first step to removing Backdoor.TDSS is detecting and deleting all of its malignant files. To show you how different components work together, see how four simple executable files can crash your system in no time!

• Winlogon.exe is responsible for adding infection’s RUN key to Windows system start-up, to initiate Backdoor.TDSS right after you turn on your PC. This malignant component can also restrict access to Registry Editor, which will make it difficult for you to remove Backdoor.TDSS’s processes.
• Serices.exe is the executable, which modifies your system’s security settings and removes your privileges to accessing real information, as all legitimate alerts and notifications will be stopped or removed from being displayed. Moreover, your Windows Updates will be disabled, so that your system would lose any possible protection.
• Once Backdoor.TDSS is hidden from security detection, installer.exe will hijack existing processes, copy and delete files, connect to Internet (without your knowledge), install BHO (browser helper object) to record your browsing habits, create Internet Explorer file extensions and will connect to remote systems.
• Because of aforementioned files’ performance, svchost.exe, another Backdoor.TDSS component will be able to use your accounts and details to spread the infection through spam emails or web chats, linked to your PC. The Trojan will also infect your USB ports to spread your infection through removable devices.

Backdoor.TDSS is composed of all these malignant files in order to perform in a fast and latent attack, after which you would not even realize that your system had been attacked by highly dangerous malware. Nonetheless, Backdoor.TDSS, and its carried Doctor Antivirus or Antivirus 2009 are highly dangerous, and if you treat any of them as low-risk threats, soon enough you will regret trusting programs, which will simply drag out your money and leave your details exposed to cyber criminals. To avoid this from happening to you too, remove Backdoor.TDSS as soon as possible, and to do this trust legitimate AV tools, because only they will be able to delete the cunning Trojan.

Download Spyware Removal Tool to Remove* Backdoor.TDSS
  • Quick & tested solution for Backdoor.TDSS removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Backdoor.TDSS

Files associated with Backdoor.TDSS infection:

hFWiopl7.dll
TDSSmhxt.sys
lasmcnyjaa.dll
TDSSriqp.dll
UACqxtiekcnbouoins.dll
mplay32xe.exe
%SystemRoot%\System32
UACnqxnsethfqsyxcr.dll
TDSScfub.dll
services.exe
file.exe,winlogon.exe
UACwusibnevxscvntv.dll
tdssadw.dll
kbdmsid.dll
cliconfg64.exe
svhost.exe
iemodule.dll
winhbt.exe
TDSSnrse.dll
wdbgmeg.dll
clspackxq.exe
wsdkrlxp.exe
install[1].exe
kbiwkmvttkqppj.dll
TDSScfgb.dll
winhlp64.exe
wpscrict.dll
lonv32.dll
TDSSfpmp.dll
aswdwi2.dll
%TEMP%
googletoolbar_download.exe
mscdexnt.exe
csfl32.dll
UACqkppyodbawkldgu.dll
TDSSosvd.dll, TDSSofxh.dll
winlogon.exe
TDSSmaxt.sys
iv.exe
eventcreatexp.exe
ktk57D9.tmp.exe
mdqhqxcejju.dll
KBDHReo.dll
TDSSosvn.dat
hapldpbpoz.dll
ytasfwkoslyqdk.dll
file.exe, winlogon.exe
Installer.exe
wdbgmeg.dll
lonv32.dll
kcat432.dll
kbdmsid.dll
KBDHReo.dll
hFWiopl7.dll
csfl32.dll
aswdwi2.dll
UACyctgyibvpiextci.dll
UACwusibnevxscvntv.dll
UACqxtiekcnbouoins.dll
UACqkppyodbawkldgu.dll
UACnqxnsethfqsyxcr.dll
twunk_32x.exe
TDSSosvd.dll, TDSSofxh.dll
osajuhzzwtyo.dll
mplay32xe.exe
mdqhqxcejju.dll
lasmcnyjaa.dll
kbiwkmvttkqppj.dll
iv.exe
file.exe,winlogon.exe
file.exe, winlogon.exe
D.tmp
mscdexnt.exe
wsdkrlxp.exe
eventcreatexp.exe
winhlp64.exe
cliconfg64.exe
winhbt.exe
Installer.exe
settdebugx.exe
clspackxq.exe
iemodule.dll
svhost.exe
services.exe
TDSSmhct.sys
TDSSliqp.dll
TDSSmhxt.sys
TDSScfgb.dll
TDSSciou.dll
TDSSnrse.dll
TDSSfpmp.dll
TDSSoeqh.dll
TDSSriqp.dll
TDSSmaxt.sys
TDSSnrsr.dll
TDSScfub.dll
wscsvc32.exe
wow64main.exe
ktk57D9.tmp.exe
gasfkydovvwqoh.dll
gasfkyfpcrnmxg.dll
googletoolbar_download.exe
ytasfwkoslyqdk.dll
hapldpbpoz.dll
tdssadw.dll
svchost.exe
UACd.sys
winlogon.exe
file.exe
imod3.dll
vvunbwrhxa.exe
AntivirusXP.exe
winlogin.exe
oqarib.dll
cvucujahoza.dll
uxeqipuzimocin.dll
1462403437.exe
9179499.exe
fwanqtvosgmeh.dll
duzfajdjnnyxethwo.dll
i386si.sys
Hyves_Browser_Instalation.exe
Hyves_Browser.exe
loader[1].exe
Test.exe
28823330.exe
ieupdates.exe
SetupAntivirusXP[1].exe
281681216.exe
new26[1].exe
adv111[1].exe
gr[2].exe
new23[1].exe
Omahonafazeq.dll
usp10.dll
ntos.exe
free_scan.exe
sysguardn.exe
1[1].exe
StartApp.exe
SSEngine.dll
AdwarePro_Setup[1].exe
AdwarePro.exe
ert51791.exe
card[1].exe
TckBX673.exe
winkfmc.exe
ParisHilton[1].exe
winafoe.exe
load[1].exe
iii[1].exe
vamsoft.exe
bd3q0qix.exe
bnmio.exe
~tmpa.exe
setupapi.dll
ati8quxx.sys
install[1].exe
TDSSosvn.dat
D.tmp
settdebugx.exe
osajuhzzwtyo.dll
kcat432.dll
gasfkyfpcrnmxg.dll
TDSSmhct.sys
TDSSoeqh.dll
TDSSciou.dll
%SystemRoot%\System32\drivers
twunk_32x.exe
TDSSnrsr.dll
TDSSliqp.dll
wscsvc32.exe
svchost.exe
wow64main.exe
gasfkydovvwqoh.dll
UACyctgyibvpiextci.dll

Backdoor.TDSS DLL's to remove:

ytasfwkoslyqdk.dll
TDSScfub.dll
gasfkydovvwqoh.dll
UACqxtiekcnbouoins.dll
hapldpbpoz.dll
csfl32.dll
hFWiopl7.dll
TDSSoeqh.dll
TDSSnrse.dll
UACnqxnsethfqsyxcr.dll
UACwusibnevxscvntv.dll
TDSSnrsr.dll
TDSScfgb.dll
kbiwkmvttkqppj.dll
TDSSfpmp.dll
TDSSciou.dll
UACyctgyibvpiextci.dll
lonv32.dll
TDSSosvd.dll, TDSSofxh.dll
wdbgmeg.dll
lonv32.dll
kcat432.dll
kbdmsid.dll
KBDHReo.dll
hFWiopl7.dll
csfl32.dll
aswdwi2.dll
UACyctgyibvpiextci.dll
UACwusibnevxscvntv.dll
UACqxtiekcnbouoins.dll
UACqkppyodbawkldgu.dll
UACnqxnsethfqsyxcr.dll
TDSSosvd.dll, TDSSofxh.dll
osajuhzzwtyo.dll
mdqhqxcejju.dll
lasmcnyjaa.dll
kbiwkmvttkqppj.dll
iemodule.dll
TDSScfgb.dll
TDSSciou.dll
TDSSnrse.dll
TDSSfpmp.dll
TDSSoeqh.dll
TDSSriqp.dll
TDSSnrsr.dll
TDSScfub.dll
gasfkydovvwqoh.dll
gasfkyfpcrnmxg.dll
ytasfwkoslyqdk.dll
hapldpbpoz.dll
tdssadw.dll
imod3.dll
oqarib.dll
cvucujahoza.dll
uxeqipuzimocin.dll
fwanqtvosgmeh.dll
duzfajdjnnyxethwo.dll
Omahonafazeq.dll
usp10.dll
SSEngine.dll
setupapi.dll
TDSSliqp.dll
iemodule.dll
UACqkppyodbawkldgu.dll
kcat432.dll
aswdwi2.dll
TDSSliqp.dll
wdbgmeg.dll
lasmcnyjaa.dll
wpscrict.dll
kbdmsid.dll
gasfkyfpcrnmxg.dll
osajuhzzwtyo.dll
mdqhqxcejju.dll
tdssadw.dll
TDSSriqp.dll
KBDHReo.dll

Backdoor.TDSS processes to kill:

file.exe, winlogon.exe
twunk_32x.exe
mplay32xe.exe
iv.exe
file.exe,winlogon.exe
file.exe, winlogon.exe
mscdexnt.exe
wsdkrlxp.exe
eventcreatexp.exe
winhlp64.exe
cliconfg64.exe
winhbt.exe
Installer.exe
settdebugx.exe
clspackxq.exe
svhost.exe
services.exe
wscsvc32.exe
wow64main.exe
ktk57D9.tmp.exe
googletoolbar_download.exe
svchost.exe
winlogon.exe
file.exe
vvunbwrhxa.exe
AntivirusXP.exe
winlogin.exe
1462403437.exe
9179499.exe
Hyves_Browser_Instalation.exe
Hyves_Browser.exe
loader[1].exe
Test.exe
28823330.exe
ieupdates.exe
SetupAntivirusXP[1].exe
281681216.exe
new26[1].exe
adv111[1].exe
gr[2].exe
new23[1].exe
ntos.exe
free_scan.exe
sysguardn.exe
1[1].exe
StartApp.exe
AdwarePro_Setup[1].exe
AdwarePro.exe
ert51791.exe
card[1].exe
TckBX673.exe
winkfmc.exe
ParisHilton[1].exe
winafoe.exe
load[1].exe
iii[1].exe
vamsoft.exe
bd3q0qix.exe
bnmio.exe
~tmpa.exe
install[1].exe
svhost.exe
wscsvc32.exe
iv.exe
twunk_32x.exe
cliconfg64.exe
eventcreatexp.exe
clspackxq.exe
file.exe,winlogon.exe
settdebugx.exe
winhlp64.exe
install[1].exe
googletoolbar_download.exe
mplay32xe.exe
winhbt.exe
winlogon.exe
services.exe
Installer.exe
wow64main.exe
ktk57D9.tmp.exe
mscdexnt.exe
wsdkrlxp.exe
svchost.exe

Remove Backdoor.TDSS registry entries:

TDSS
Microsoft\Windows NT\CurrentVersion\tdssdata
Microsoft\Windows\CurrentVersion\Run\kxva
Microsoft\Windows\CurrentVersion\Uninstall\AdwarePro
Microsoft\Windows\CurrentVersion\Run\AdwareProMFCT
Adware Pro
Microsoft\Windows\CurrentVersion\App Paths\AdwarePro.exe
Microsoft\Windows\CurrentVersion\Run\sysguardn
Microsoft\Windows\CurrentVersion\Run\Mmexofumutokara
Microsoft\Windows\CurrentVersion\Run\281681216
AntivirusXP
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntivirusXP
Microsoft\Windows\CurrentVersion\Uninstall\Hyves Browser
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbe160c6-8bd8-4ac6-2473-08baeca009ec}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDAA8EDA-5EBE-B4C8-8205-5C732F6F815E}
MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AntivirusXP.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ loader
RUNNING PROGRAM\winlogon.exe
RUNNING PROGRAM\Explorer.EXE
HKEY_LOCAL_
Disclaimer

Comments

  1. Stephan Verrips Apr 24, 2011

    And the MBR ? BackDoor.Tdss.4005 is infected my MBR ?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.