Malware

TDss.22 removal tips

Malware Removal

The TDss.22 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What TDss.22 virus can do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • Deletes its original binary from disk
  • Code injection with NtQueueApcThread in a remote process
  • A process attempted to delay the analysis task by a long amount of time.
  • A system process is generating network traffic likely as a result of process injection
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
catalyst.com
my-loads2.net
karaganda.co.cc

How to determine TDss.22?



File Info:

crc32: 024922EE
md5: 13de1dc11ced8a1b2ec9f63d5fed1907
name: 13DE1DC11CED8A1B2EC9F63D5FED1907.mlw
sha1: 0fcc0519defbb4b26d5fab73845c6af40e098669
sha256: 20dc185df9c9800a7d64d22ade21ae8d919997c1c72b83cff6ef365da55c1722
sha512: b78ab5bd3323e4af25172c2f0862882157d638b462dade3ecead4632e995176b99194f699286313f0739b32091704edcf238de43580abe1fb382232c28ad8e66
ssdeep: 1536:cJEi2R6qP2ak394tOG+ynsT7oVIJtdLOj6BLKoKQVNMSNcYoev0SO:cJ6j2ak3aV+HoVIJDLOwLKXOMioec3
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright xa9 2002-2005 Four-F
InternalName: KmdManager
FileVersion: 1, 3, 0, 0
CompanyName: Four-F
Comments: Let you install, start, stop and uninstall device drivers
ProductName: Kernel Mode Driver Manager
ProductVersion: 1.3
FileDescription: Kernel Mode Driver Manager
OriginalFilename: KmdManager.exe
Translation: 0x0409 0x04b0

TDss.22 also known as:

BkavW32.AIDetect.malware2
LionicHacktool.Win32.Krap.x!c
Elasticmalicious (high confidence)
DrWebTrojan.KillProc.17430
CynetMalicious (score: 100)
ALYacGen:Variant.TDss.22
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.899908
SangforTrojan.Win32.Krap.ae
CrowdStrikewin/malicious_confidence_100% (D)
AlibabaVirTool:Win32/Obfuscator.b776f666
Cybereasonmalicious.11ced8
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.KMI
APEXMalicious
AvastWin32:Malware-gen
KasperskyPacked.Win32.Krap.ae
BitDefenderGen:Variant.TDss.22
NANO-AntivirusTrojan.Win32.Diple.dchnd
MicroWorld-eScanGen:Variant.TDss.22
TencentMalware.Win32.Gencirc.114bcb34
Ad-AwareGen:Variant.TDss.22
SophosML/PE-A + Mal/FakeAV-IU
BitDefenderThetaGen:NN.ZexaF.34294.gu1@aq7B4@fc
VIPREWorm.Win32.Koobface.as (v)
McAfee-GW-EditionGenericRXNS-ED!13DE1DC11CED
FireEyeGeneric.mg.13de1dc11ced8a1b
EmsisoftGen:Variant.TDss.22 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan/Diple.dd
AviraTR/Crypt.XPACK.Gen
eGambitGeneric.Malware
Antiy-AVLTrojan/Generic.ASMalwS.761FCF
MicrosoftTrojanDownloader:Win32/Karagany.A
SUPERAntiSpywareTrojan.Agent/Gen-FraudAgent
GDataGen:Variant.TDss.22
AhnLab-V3Trojan/Win32.CSon.R2951
McAfeeGenericRXNS-ED!13DE1DC11CED
MAXmalware (ai score=100)
VBA32Trojan.MrWhite.va
MalwarebytesMalware.AI.3095165411
PandaBck/Qbot.AO
RisingTrojan.Generic@ML.92 (RDML:YlSpz7aKzdlmjpYT8iPEbg)
YandexTrojan.Kryptik!nl85RY3r9Sk
IkarusTrojan.Win32.Oficla
FortinetW32/Zbot.AV!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove TDss.22?

TDss.22 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment