Associated Malware Groups
The filename is associated with the malware groups:
- Rootkit
- Cloaked Malware
- Worm
File Behavior
TDSSSERV.SYS has been seen to perform the following behavior:
- The process is packed and/or encrypted using a software packing process
- Uses low level functions to hide itself from the user and from system/security processes
- Found on infected systems and resists interrogation by security products
TDSSSERV.SYS has been the subject of the following behavior:
- Created as a process on disk
- Deleted as a process from disk
- Created as a new Background Service on the machine
- Loaded and Executed as a System Driver File
Country Of Origin
The filename TDSSSERV.SYS was first seen on Aug 2 2008 in the following geographical regions of the Prevx community:
- SPAIN on Aug 2 2008
- SWEDEN on Aug 2 2008
- The UNITED STATES on Aug 23 2008
- NETHERLANDS on Aug 28 2008
- CANADA on Aug 28 2008
- GERMANY on Sep 29 2008
- The UNITED KINGDOM on Nov 4 2008
File Name Aliases
TDSSSERV.SYS can also use the following file names:
- TDSSMCCB.SYS
- TDSS6329.TMP
- TDSSOFXH.SYS
- TDSSMAXT.SYS.TMP
- TDSS6EFC.TMP
- TDSSA8B4.TMP
- TDSS615.TMP
- TDSSB24A.TMP
- TDSSEC47.TMP
- TDSSSERV.SY_
- TDSSCE57.TMP
- TDSS3464.TMP
- 01C8F80BDE294C60_TDS5_TMP.PE
- 01C8F538A419545A_TDSSSERV_SYS.PE
- 01C8F538A7760544_TDS5_TMP.PE
Filesizes
The following file sizes have been seen:
- 51,712 bytes
- 41,472 bytes
- 65,536 bytes
- 60,416 bytes
- 36,352 bytes
- 36,864 bytes
- 35,328 bytes
File Type
The filename TDSSSERV.SYS refers to many versions of a dynamic link library.