RTKT_TDSS.KARUD
Windows 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
It is a component file of other BKDR_TDSS malware to hide its processes and files from the user. It is also responsible for ensuring that the Master Boot Record of the system is infected.
This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware. It may be dropped by other malware.
It is a component of other malware.
Its rootkit functionalities are used by other malware/grayware.
TECHNICAL DETAILS
20,992 bytes
SYS
Yes
06 Apr 2011
Arrival Details
This Trojan may arrive bundled with malware packages as a malware component.
It may be dropped by other malware.
It may be dropped by the following malware:
- BKDR_TDSS.KARU
Installation
This Trojan is a component of other malware.
Rootkit Capabilities
This Trojan s rootkit functionalities are used by other malware/grayware.
Other Details
This Trojan does the following:
- Hides processes and files from the user. This malware is a component file of other BKDR_TDSS. This file has usually two versions, one for 32-bit and one for 64-bit systems. This file is also responsible for ensuring that the Master Boot Record of the system is infected.
SOLUTION
8.900
7.956.14
08 Apr 2011
7.957.00
08 Apr 2011
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 3
Scan your computer with your Trend Micro product to delete files detected as RTKT_TDSS.KARUD. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.