Introduction

1 reply to this topic

#1 grcridlan (Members, 1 post)

Posted 02 September 2011 - 04:43 PM

I am a TDSS "sufferer" (not suffering too much; I needed to do a clean reinstall anyway, as it has been a while), who has some sort-of antimalware responsibilities at work but is far from a professional. I'm looking around as much because I'm curious about TDSS as because I need help, although I intend to "play with" TDSS a bit on my system while it is offline and disconnected from peripherals, because I'm interested and want to generate some logs about the particular variety I have.

Interesting points so far:

- Acquired via DHCP/DNS fake on my network. Fake Firefox upgrade (yes, I'm a dummy, but there were no spelling errors! And they used the right colors!).
- Infection changes where DNS points to, both on my network and elsewhere. Including to a 10.*.*.* destination - this is when I knew something was wrong.
- Part of the active portion appears to run in an svchost.exe with a 127.0.0.1 thread.
- Infection diagnosed by my network admin (thank you!), who probably saw my box pop up with a fake DHCP server just like the one I visited elsewhere on the network.
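The infection chain in the post (a rogue DHCP server on the LAN handing clients an attacker-controlled DNS server, after which an infected box starts offering DHCP itself) is something a network admin can catch on the wire. The following is an added example, not code from the thread or from any tool mentioned in it: a small DHCP parser that decodes the BOOTP header and option list of a captured UDP payload and flags any OFFER/ACK that comes from a server outside an allow-list or that pushes a DNS server outside it. The packet builder and both sample offers are constructed here for the example; the rogue server address 192.168.1.57 and the DNS address 10.77.0.5 are assumed values for illustration, not addresses taken from the thread.

```python
"""Rogue-DHCP detection: parse DHCP server replies and flag unauthorised servers
or unexpected DNS settings. Added example, not code from the thread; the sample
packets are constructed, and 192.168.1.57 / 10.77.0.5 are assumed addresses."""
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # magic cookie that starts the option list
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse the fixed BOOTP header and the DHCP option TLVs of a UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    pkt = {
        "op": payload[0],                                      # 1 = request, 2 = reply
        "xid": struct.unpack("!I", payload[4:8])[0],
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),  # address being offered
        "options": {},
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad byte
            i += 1
            continue
        if code == 255:          # end of options
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2 : i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        pkt["options"][code] = data
        i += 2 + length
    return pkt


def _ip_list(data: bytes) -> list:
    """Decode an option carrying one or more packed IPv4 addresses."""
    return [str(ipaddress.IPv4Address(data[j:j + 4]))
            for j in range(0, len(data) - len(data) % 4, 4)]


def check_offer(payload: bytes, allowed_servers: set, allowed_dns: set) -> list:
    """Return findings for a server reply that comes from an unauthorised DHCP
    server or pushes a DNS server outside the allow-list; [] if it is clean."""
    pkt = parse_dhcp(payload)
    opts = pkt["options"]
    mtype = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN")
    if mtype not in ("OFFER", "ACK"):
        return []                # client messages carry no server policy to check
    server = _ip_list(opts[OPT_SERVER_ID])[0] if OPT_SERVER_ID in opts else None
    findings = []
    if server not in allowed_servers:
        findings.append(f"{mtype} for {pkt['yiaddr']} from unauthorised DHCP server {server}")
    for dns in _ip_list(opts.get(OPT_DNS, b"")):
        if dns not in allowed_dns:
            findings.append(f"{mtype} from {server} pushes unexpected DNS server {dns}")
    return findings


def build_offer(server_ip: str, client_ip: str, dns_ips: list, xid: int = 0x3903F326) -> bytes:
    """Construct a DHCP OFFER (test data only) with server-id, router and DNS options."""
    server = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, ipaddress.IPv4Address(client_ip).packed, server, b"\0" * 4,
                         b"\xde\xad\xbe\xef\x00\x01", b"", b"")  # chaddr/sname/file null-padded
    options = (bytes([OPT_MSG_TYPE, 1, 2])
               + bytes([OPT_SERVER_ID, 4]) + server
               + bytes([OPT_ROUTER, 4]) + server
               + bytes([OPT_DNS, 4 * len(dns_ips)])
               + b"".join(ipaddress.IPv4Address(ip).packed for ip in dns_ips)
               + bytes([255]))
    return header + DHCP_MAGIC + options


# Constructed samples: the real router offering itself as DNS, and a rogue peer on
# the LAN (an infected workstation) offering an attacker-controlled 10.x DNS server.
LEGIT_OFFER = build_offer("192.168.1.1", "192.168.1.20", ["192.168.1.1"])
ROGUE_OFFER = build_offer("192.168.1.57", "192.168.1.20", ["10.77.0.5"])
ALLOWED_SERVERS = {"192.168.1.1"}
ALLOWED_DNS = {"192.168.1.1"}

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, check_offer(pkt, ALLOWED_SERVERS, ALLOWED_DNS) or "clean")
```

The allow-list approach is deliberate: a rogue server may well hand out a perfectly plausible-looking DNS address, so "looks like a 10.x address" alone is not a reliable signal. Comparing the server identifier (option 54) and the DNS option (option 6) of every reply against the servers the network actually runs catches both the rogue server and the DNS hijack, whichever address it points at. Feeding real traffic into `check_offer` means capturing UDP port 67/68 payloads with a sniffer and passing each one in; that part is outside the example.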


#2 jgweed (Staff Emeritus, 28,473 posts, Chicago, Il.)

Posted 03 September 2011 - 08:21 AM

Let everyone know what you find as you play around (just be careful).
Welcome to BC!
Regards,
John
Whereof one cannot speak, thereof one should be silent.



