Packed.Win32.Tdss.f is a Trojan that can hide its presence when infecting system files by injecting code into legitimate Windows processes. This highly advanced method of infection is called a rootkit technique. Packed.Win32.Tdss.f is also capable of creating a backdoor port that allows a remote attacker to gain full access to the compromised computer without the user's consent. This may give an attacker access to sensitive data stored on the system.
Alias: Packed.Generic.200, Virus.Win32.Fasec, Rootkit.Win32.TDSS, DNSChanger.r, Trojan:Win32/Alureon.gen!J, Generic FakeAlert.k, Trojan:Win32/FakeSpyguard, Mal/Alureon-C, Mal/TDSSPack-E, Packed.Win32.Tdss
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Once it executes on the computer, the Trojan injects harmful code into legitimate system processes. Although it does not corrupt the file, its effect can disrupt the operation of antivirus software and can render a security program useless.
To conceal its presence, Packed.Win32.Tdss.f embeds its executable process in system files. The only noticeable change is a sudden reduction in the performance of the PC. Because of high memory usage, the affected computer may also crash from time to time.
Packed.Win32.Tdss.f may arrive on a target computer in several ways. The most common avenue of propagation is spamming. A link presented in an instant messaging application may lead the user to a malicious web site hosting a copy of Packed.Win32.Tdss.f. A fake software update can also lead an unsuspecting user to install the Trojan without realizing that this simple mistake may cause severe damage.
Another means of spreading this threat is drive-by download. Packed.Win32.Tdss.f can penetrate the computer if the user visits a web site that is either legitimate but compromised or harmful in nature. The infection process is so covert that visitors may not realize that the Trojan is automatically loaded onto their PC.