PTCH_TDSS.A

 Analysis by: Christopher Daniel So

 ALIASES:

Virus:Win32/Alureon.K (Microsoft), Backdoor.Tidserv!inf (Symantec), Patched-SYSFile.e (McAfee), Virus.Win32.TDSS.e (Kaspersky), Troj/TDL3Sys-A (Sophos)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


  TECHNICAL DETAILS

File Size:

52,352 bytes

File Type:

SYS

Memory Resident:

Yes

Initial Samples Received Date:

04 May 2011

NOTES:
This is the Trend Micro detection for .SYS files that are modified by TDSS malware to aid its routines. The patched codes are responsible for executing the malware during startup and inject its component files into running processes. It also has rootkit capabilities, which enables it to hide its processes and files from the user.