Trojan:Win32/Alureon.EC
Aliases:
- Backdoor.Win32.TDSS.ahg (Kaspersky)
- Backdoor.TDSS.YYV (VirusBuster)
- BackDoor.Generic13.BPJ (AVG)
- BDS/TDSS.ahf (Avira)
- Trojan.TDSS.AGQ (BitDefender)
- BackDoor.Siggen.26107 (Dr.Web)
- Win32/Olmarik.ADF (ESET)
- Backdoor.Win32.TDSS (Ikarus)
- Generic.dx!tty (McAfee)
- Mal/TDSSPack-AF (Sophos)
- Packed.Win32.Tdss.ad (Sunbelt Software)
- TROJ_TDSS.SMET (Trend Micro)
Summary
Restoring Corrupted Files
Restoring DNS Settings
- If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
- If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary. Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak
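
To review the two phonebook fields named above, the following added example (not Microsoft's removal code) reads rasphone.pbk text and reports every entry whose "IpDnsAddress" or "IpDns2Address" is a static server outside the list you expect. The sample phonebook, the `expected_dns` allowlist and the treatment of 0.0.0.0 as "no static server" are assumptions of this example.

```python
import ipaddress

DNS_FIELDS = ("IpDnsAddress", "IpDns2Address")  # the two fields named above

# Constructed sample phonebook; addresses are from documentation ranges.
SAMPLE = """\
[Office ISP]
MEDIA=serial
IpDnsAddress=192.0.2.53
IpDns2Address=0.0.0.0
MEDIA=rastapi

[Home Dial-up]
IpDnsAddress=198.51.100.7
IpDns2Address=198.51.100.8
"""

def parse_pbk(text):
    """Return {entry name: {field: value}} for the DNS fields of each entry."""
    # Keys can repeat within one entry (MEDIA in the sample), which a strict
    # INI parser rejects, so scan the file line by line instead.
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() in DNS_FIELDS:
                current[key.strip()] = value.strip()
    return entries

def audit_pbk(text, expected_dns=()):
    """List (entry, field, value) for each static DNS server not in expected_dns."""
    allowed = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for entry, fields in parse_pbk(text).items():
        for field in DNS_FIELDS:
            value = fields.get(field, "")
            if value in ("", "0.0.0.0"):  # assumption: 0.0.0.0 means no static server
                continue
            try:
                known = ipaddress.ip_address(value) in allowed
            except ValueError:
                known = False  # malformed address: report it for review
            if not known:
                findings.append((entry, field, value))
    return findings

if __name__ == "__main__":
    for entry, field, value in audit_pbk(SAMPLE, expected_dns=["192.0.2.53"]):
        print(f"{entry}: {field}={value} is not an expected DNS server")
```

Running the same check over the rasphone.pbk.bak backup shows which entries the infection had altered before cleanup.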