Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan Agent tdss

  • Please log in to reply
1 reply to this topic

#1 Don Spencer

Don Spencer

  • Members
  • 2 posts
  • Local time:01:01 PM

Posted 23 December 2008 - 11:32 AM

I do internal tech support for a small New Jersey company, we have about 50 computers running Windows XP Professional. Yesterday one of the girls complained her computer was slow, locking up completely just trying to open an Internet Explorer window.
I took a look at it and realized her AVG 7.5 anti-virus hadn't been updated in 2 weeks, and when I tried doing a manual update, it told me there was no connection. hmmmmmm that's not good....
I put her on a backup computer, brought hers back to my desk, and tried to install Malwarebytes' Anti-Malware but it wouldn't install. I've never had that happen, so I renamed the install program and it seemed to install. Then, after installing it, I couldn't get it to open. So, I renamed the mbam.exe file and was able to open it, but wouldn't let me update it. I ran a scan anyway, and it found 10 problems. All were referencing tdssdata (Trojan.Agent) I had to reboot to finish cleaning it, after that I could update it, ran the scan again, found two more problems, but now all is well *whew*

What exactly does Trojan Agent tdss actually do? I can see lots of comments on how to get rid of it, I'm wondering what it is doing?

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:01 PM

Posted 23 December 2008 - 12:10 PM

Hello and welcome.

Trojan.TDSSxxxx is a trojan horse that may represent security risk for the compromised system and/or its network environment. The program uses rootkit-specific techniques designed to hide the software presence in the system. This trojan also blocks user access to security websites.

The identified infections is a backdoor with rootkit capabilities.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users