TDN.SYS is Rootkit Turla

TDN.SYS is a rootkit: software that enables continued privileged access to a computer while actively hiding its presence.
Detecting and removing TDN.SYS can be very difficult.
You should use anti-rootkit software to fix the TDN.SYS problem.

Malware Analysis of TDN.SYS
Full path on a computer: %SysDir%\drivers\tdn.sys

Detected by UnHackMe:

TDN.SYS
Default location: %SysDir%\drivers\tdn.sys

Removal Results: Success
Number of reboots: 1

TDN.SYS is known as:

Rootkit.Turla

TDN.SYS hash:

  • MD5: 1eae046083c00854a61a845b799e72c6

The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.

How to quickly detect the presence of TDN.SYS?

Registry:
  • HKLM\System\CurrentControlSet\Services\tdn\ImagePath: "\??\%SysDir%\DRIVERS\tdn.sys"
  • HKLM\System\CurrentControlSet\Services\tdn\DisplayName: "tdn"

Files:
  • %Temp%\fwclt.exe
  • %SysDir%\drivers\tdn.sys
  • %SysDir%\commodule.dll
  • %SysDir%\msidfn32.dll
  • %SysDir%\winstat0.pdr
  • %SysDir%\winview.ocx

