Trojan:W32/TDSS.BR

Name : Trojan:W32/TDSS.BR
Detection Names : Trojan:W32/TDSS.BR, Trojan.Win32.TDSS.tqf
Aliases : Trojan:W32/Alureon.gen!J (Microsoft)
Category : Malware
Type : Trojan
Platform : W32

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

Details


Registry Modifications
Creates these keys:

  • HKEY_CURRENT_USER\Software\PlayMe
    (Default) = "%ProgramFiles%\PlayMe"
  • HKEY_CURRENT_USER\Software\PlayMeSoft
    Start Menu Folder = "PlayMe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe
    UninstallString = "%ProgramFiles%\PlayMe\Uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe
    DisplayName = "PlayMe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe
    DisplayIcon = "%ProgramFiles%\PlayMe\Uninstall.exe,0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe
    InstallLocation = "%ProgramFiles%\PlayMe"


Additional Details

This trojan arrives as an installer file downloaded from a fake video posted on a video site.


Installation

When the installer is run, it drops and executes a malicious file that was bundled inside the installer archive. That dropped file is detected as Worm:W32/TDSS.BU.

The trojan also creates the following files:

  • %ProgramFiles%\PlayMe\Uninstall.exe - normal uninstaller file
  • %UserProfile%\Start Menu\Programs\PlayMe\Uninstall.lnk - link to uninstaller
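The following PowerShell script is an added example, not part of the original description: it audits a Windows host for the registry values and files listed in the Registry Modifications and Installation sections above, and reports each one it finds together with whether the stored data matches what this page records. The function name Test-TdssBrIndicators is this example's own; the WOW6432Node variant of the Uninstall key is an assumption (a 32-bit installer on 64-bit Windows is redirected there) and is not taken from the page.

```powershell
# Added example (not from the original page): audit a host for the registry
# values and files this page lists for Trojan:W32/TDSS.BR. Indicator strings
# are copied from the page; Test-TdssBrIndicators is this example's own name.
function Test-TdssBrIndicators {
    $unKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe'
    $regIndicators = @(
        @{ Key = 'HKCU:\Software\PlayMe';     Name = '(default)';         Expected = '%ProgramFiles%\PlayMe' }
        @{ Key = 'HKCU:\Software\PlayMeSoft'; Name = 'Start Menu Folder'; Expected = 'PlayMe' }
    )
    # Assumption: a 32-bit installer on 64-bit Windows lands under WOW6432Node,
    # so both locations of the Uninstall key are examined.
    $unKeys = @("HKLM:\$unKey", "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe")
    foreach ($k in $unKeys) {
        $regIndicators += @{ Key = $k; Name = 'UninstallString'; Expected = '%ProgramFiles%\PlayMe\Uninstall.exe' }
        $regIndicators += @{ Key = $k; Name = 'DisplayName';     Expected = 'PlayMe' }
        $regIndicators += @{ Key = $k; Name = 'DisplayIcon';     Expected = '%ProgramFiles%\PlayMe\Uninstall.exe,0' }
        $regIndicators += @{ Key = $k; Name = 'InstallLocation'; Expected = '%ProgramFiles%\PlayMe' }
    }
    $fileIndicators = @(
        '%ProgramFiles%\PlayMe\Uninstall.exe',
        '%UserProfile%\Start Menu\Programs\PlayMe\Uninstall.lnk'
    )

    $findings = @()
    foreach ($ind in $regIndicators) {
        $item = Get-ItemProperty -LiteralPath $ind.Key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $actual = $item.($ind.Name)
        if ($null -eq $actual) { continue }
        # Get-ItemProperty expands REG_EXPAND_SZ data, so accept either the
        # literal string from the page or its expanded form.
        $expanded = [Environment]::ExpandEnvironmentVariables($ind.Expected)
        $match = ($actual -ieq $ind.Expected) -or ($actual -ieq $expanded)
        $findings += [pscustomobject]@{
            Type = 'Registry'; Location = "$($ind.Key)\$($ind.Name)"
            Observed = $actual; MatchesPage = $match
        }
    }
    foreach ($f in $fileIndicators) {
        $path = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{
                Type = 'File'; Location = $path
                Observed = (Get-Item -LiteralPath $path).LastWriteTime; MatchesPage = $true
            }
        }
    }
    return $findings
}

Test-TdssBrIndicators | Format-Table -AutoSize
```

Because the page describes Uninstall.exe as a normal uninstaller file, these artifacts alone can also match a benign program that installs itself as "PlayMe"; treat a hit as a lead and confirm it by scanning for the dropped file detected as Worm:W32/TDSS.BU.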