Analysis by: Christopher Daniel So

ALIASES:

Virus:Win32/Alureon.K (Microsoft), Backdoor.Tidserv!inf (Symantec), Patched-SYSFile.e (McAfee), Virus.Win32.TDSS.e (Kaspersky), Troj/TDL3Sys-A (Sophos)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  TECHNICAL DETAILS

File Size: 52,352 bytes
File Type: SYS
Memory Resident: Yes
Initial Samples Received Date: 04 May 2011

NOTES:
This is the Trend Micro detection for .SYS files that are modified by TDSS malware to aid its routines. The patched codes are responsible for executing the malware during startup and inject its component files into running processes. It also has rootkit capabilities, which enables it to hide its processes and files from the user.