Packed.Win32.Tdss.f
Packed.Win32.Tdss.f is a Trojan that can hide its presence when infecting system files by injecting a code on legitimate Windows processes. This highly sophisticated method of infection is called rootkit technique. Packed.Win32.Tdss.f is also capable of creating a backdoor port to allow a remote attacker to gain full-unauthorized access on the compromised computer.
Alias: Packed.Generic.200, Virus.Win32.Fasec, Rootkit.Win32.TDSS, DNSChanger.r, Trojan:Win32/Alureon.gen!J, Generic FakeAlert.k, Trojan:Win32/FakeSpyguard, Mal/Alureon-C, Mal/TDSSPack-E, Packed.Win32.Tdss
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
Packed.Win32.Tdss.f may arrive on target computer is several ways. The most common avenue for propagation is through spamming. A link presented on instant messaging application may lead user to a malicious web site hosting a copy of Packed.Win32.Tdss.f. Fake software update also leads unsuspecting user to install the Trojan without full knowledge that this simple mistake may cause severe damages.
Another means of propagation is through drive-by-download. Packed.Win32.Tdss.f can penetrate the computer if user pays a visit to a web site that is either legitimate but compromised or web pages that are harmful in nature. The infection process is so covert that visitor’s may not realized that the Trojan is automatically loaded into their PC.
Associated Files and Folders:%AppData%\microsoft\windows\winlogon.exe %CommonAppData%\microsoft\media index\drivers\hdddriver.dll %CommonAppData%\microsoft\network\dlls\iemodule.dll %CommonAppData%\microsoft\network\install.exe %ProgramFiles%\internet antivirus pro\iapro.exe %ProgramFiles%\malware defender 2009\malwaredef.exe %ProgramFiles%\malware defender 2009\uninstall.exe %ProgramFiles%\system guard 2009\systemguard.exe %ProgramFiles%\system guard 2009\uninstall.exe %System%\1.exe %System%\wcenter.exe %System%\winscenter.exe %Temp%\file.exe %Temp%\virus\malwaredefender2009.exe
How to Remove Packed.Win32.Tdss.f
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Packed.Win32.Tdss.f, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to this link and download Norton Power Eraser.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Include Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Packed.Win32.Tdss.f remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.
LW
May 19, 2009 @ 16:33:00
Malwarebytes did not find or remove this program for me.