Rootkit TDN.SYS is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of TDN.SYS may be a very difficult process.
You should use anti-rootkit software to fix the TDN.SYS problem.
Malware Analysis of TDN.SYS
Full path on a computer: %SysDir%\drivers\tdn.sys
Detected by UnHackMe:
TDN.SYS
Default location: %SysDir%\drivers\tdn.sys
Removal Results: Success
Number of reboots: 1
TDN.SYS is known as:
Rootkit.Turla
TDN.SYS hash:
- MD5: 1eae046083c00854a61a845b799e72c6
The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.
How to quickly detect TDN.SYS presence?
Registry:
- HKLM\System\CurrentControlSet\Services\tdn\ImagePath: “\??\%SysDir%\DRIVERS\tdn.sys”
- HKLM\System\CurrentControlSet\Services\tdn\DisplayName: “tdn”
Files:
- %Temp%\fwclt.exe
- %SysDir%\drivers\tdn.sys
- %SysDir%\commodule.dll
- %SysDir%\msidfn32.dll
- %SysDir%\winstat0.pdr
- %SysDir%\winview.ocx