Analysis by: Christopher Daniel So
ALIASES:

Virus:Win32/Alureon.K (Microsoft), Backdoor.Tidserv!inf (Symantec), Patched-SYSFile.e (McAfee), Virus.Win32.TDSS.e (Kaspersky), Troj/TDL3Sys-A (Sophos)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


  TECHNICAL DETAILS

Tamaño del archivo 52,352 bytes
Tipo de archivo SYS
Residente en memoria Yes
Fecha de recepción de las muestras iniciales 04 May 2011

NOTES:
This is the Trend Micro detection for .SYS files that are modified by TDSS malware to aid its routines. The patched codes are responsible for executing the malware during startup and inject its component files into running processes. It also has rootkit capabilities, which enables it to hide its processes and files from the user.