From Wiki-Security, the free encyclopedia of computer security

Rootkit.TDSS Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<

SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:

If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Rootkit.TDSS is a malware which spreads its infection through peer-to-peer sharing networks or through corrupt websites that carry malicious freeware. Known also as TDL3 and Alureon (Microsoft), this spyware is known to operate through stealth techniques, making its detection and removal highly difficult. Rootkit.TDSS is the third variant of the TDSS rootkit family that has compromised computers – specifically those running under Microsoft Windows – around the world. The workings of the TDSS malware are no different from its earlier TDSS variants as well as other rootkits such as MBR rootkit and Rustock.C. The rationale behind the creation of Rootkit.TDSS is for its creators to be able to exercise control of the infected PCs and to facilitate fraudulent online activities. These activities range from financial information and password theft to DOS or Denial of Service attacks.

Detecting a Rootkit.TDSS Infection

Cyber criminals are known to use rootkits in order to keep their Trojan activities covert. Since rootkits are designed to evade detection from computer users and even from anti-malware software, most victims are unaware on the real state of their PCs. There are several signs that point to an existing Rootkit.TDSS infection and these include browser redirections, blocking of security websites, slow-loading web pages and inability for the PC user to launch an anti-malware program. Essentially, Rootkit.TDSS behaves like any other malware, except that Rootkit.TDSS is written in such a manner that detection becomes almost next to impossible. The installation of a rootkit like Rootkit.TDSS is made easier through PC users that log into their computers casually, imposing no access restrictions whatsoever.

Rootkit.TDSS is also known to assist in the establishment of a botnet. By maintaining a botnet, which is a network of computers controlled by a host computer using a corrupt program, cybercriminals behind Rootkit.TDSS are able to carry out a host of activities related to online fraud. This allows them to spread the malware infection more conveniently and to intercept Internet traffic so as to steal passwords, user names and credit card numbers. Through the botnet, hackers are also able to carry out a DOS attack, which prevents a server or network resource from functioning optimally.

Rootkit.TDSS Removal

The spread of Rootkit.TDSS is prompted by peer-to-peer networks that allow for the downloading of corrupted shareware or software. Drive-by downloads, which contain this rootkit component, find their way into PCs without asking for user permission. Simply uninstalling Rootkit.TDSS is not likely to remove the infection completely, since this malware may reinstall itself even after Rootkit.TDSS has already been removed. Having spawned several versions such as TDL-4, which is a 4th generation variant of the TDL malware, it's likely that Rootkit.TDSS has already found its way into a high number of machines.

Nonetheless, eliminating Rootkit.TDSS should be done right away after its detection. The removal of Rootkit.TDSS depends on the use of legitimate anti-malware tools, while its prevention rests mainly on responsible web browsing and file-downloading practices. While complicated, the process of deleting Rootkit.TDSS should be a priority. Legitimate security software will eliminate the Rootkit.TDSS infection completely and restore computer settings, to ensure optimum PC function.

To check your computer for Rootkit.TDSS, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Rootkit.TDSS and other threats. If you detect the presence of Rootkit.TDSS on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Rootkit.TDSS.


Detection of Rootkit.TDSS (Recommended)

Rootkit.TDSS is difficult to detect and remove. Rootkit.TDSS is not likely to be removed through a convenient "uninstall" feature. Rootkit.TDSS, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Rootkit.TDSS and other spyware, adware, trojans and viruses on your computer.

Run a Rootkit.TDSS scan/check to successfully detect all Rootkit.TDSS files with the SpyHunter Spyware Detection Tool. If you wish to remove Rootkit.TDSS, you can either purchase the SpyHunter spyware removal tool to remove Rootkit.TDSS or follow the Rootkit.TDSS manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Rootkit.TDSS. Rootkit.TDSS can come bundled with shareware or other downloadable software.

Another method of distributing Rootkit.TDSS involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Rootkit.TDSS on your system. Rootkit.TDSS installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Rootkit.TDSS, use this SpyHunter Spyware dectection tool to detect Rootkit.TDSS and other common Spyware infections. After detection of Rootkit.TDSS, the next advised step is to remove Rootkit.TDSS with the purchase of the SpyHunter Spyware removal tool.


Rootkit.TDSS may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Rootkit.TDSS from your computer.

Remedies and Prevention

Rootkit.TDSS, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Rootkit.TDSS along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Rootkit.TDSS, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Rootkit.TDSS and other types of spyware.

Remove Rootkit.TDSS manually

Another method to remove Rootkit.TDSS is to manually delete Rootkit.TDSS files in your system. Detect and remove the following Rootkit.TDSS files:


  • ucxmykkc.exe
  • 1776260179.exe
  • 72631899.exe
  • csrssc.exe
  • 7-v3av.exe
  • ~.exe
  • file.exe
  • podmena.exe
  • RkLYLyoM.exe


  • TDSSoexh.dll
  • TDSSciou.dll
  • TDSSriqp.dll
  • tdssserf.dll
  • TDSSnrsr.dll
  • UACyylfjdaa.dll
  • C:\WINDOWS\system32\_VOID[RANDOM].dll
  • C:\WINDOWS\system32\UAC[RANDOM].dll
  • C:\WINDOWS\system32\uacinit.dll
  • C:\WINDOWS\SYSTEM32\4DW4R3c.dll
  • C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll

Other Files

  • tdssserv.sys
  • tdidrv2.sys
  • TDSSmaxt.sys
  • C:\WINDOWS\system32\_VOID[RANDOM].dat
  • C:\WINDOWS\system32\UAC[RANDOM].dat
  • C:\WINDOWS\system32\UAC[RANDOM].db
  • C:\WINDOWS\system32\uactmp.db
  • C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
  • C:\WINDOWS\system32\drivers\_VOID[RANDOM].sys
  • C:\WINDOWS\system32\drivers\UAC[RANDOM].sys
  • %Temp%\_VOID[RANDOM].tmp
  • %Temp%\UAC[RANDOM].tmp

Registry Keys

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys

External links

If you believe your computer is infected with spyware,
Wiki-Security highly recommends to download SpyHunter's spyware detection tool to check for spyware on your PC.

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Rootkit.TDSS or its creators in any way. This website does not advocate the actions or behavior of Rootkit.TDSS and its creators. Our objective is to provide Internet users with the know-how to detect and remove Rootkit.TDSS and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Rootkit.TDSS in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.