Danger level 8
Type: Trojans

Other mutations known as:
Spammer.Tedroo.A

Spammer.Tedroo

Spammer.Tedroo is a spammer Trojan that spreads infected links enclosed in spam e-mails. Spam from this Trojan is sometimes hard to recognize as spam, because it comes well encrypted and the infection manages to hide itself from the user. Spammer.Tedroo also spreads via the same channel, when it sends spam e-mail messages. The Trojan gets its configuration data from a remote server, and all the spam is sent through SMTP servers (SMTP is the Internet standard for e-mail transfer across IP networks). Whenever Spammer.Tedroo infects a system, it connects to a remote server to report the new infection and then retrieves the information that is to be sent in the spam e-mail messages.

When the Spammer.Tedroo infection gets into your computer, it registers itself as a program that is allowed through the Windows firewall. It then makes certain changes to the system that allow the Trojan to send out spam messages from the infected computer. The e-mails it sends are generally encoded in HTML format, which means that they have hyperlinks embedded, so the user who receives them does not need to copy and paste whatever the e-mail is offering into his or her browser. Clicking on the link within the spam e-mail infects the user with another Trojan, thus exposing the system to an even bigger threat. Users are tricked into believing that they are clicking to see a free video of a famous actress or something similar.

When Spammer.Tedroo infects the system, a number of associated processes run on the computer and can be found in the Windows Task Manager. The presence of these processes confirms the Spammer.Tedroo infection, and the associated files add to the overall payload of the Trojan. For example, 14.exe is a malware dropper and a worm, which loads automatically when you boot up your computer. It appears as a browser helper object in Internet Explorer, and it constantly floods the user with system tray pop-ups, error messages and fake security warnings. This can lead to the assumption that Spammer.Tedroo might also be part of a rogue antispyware distribution network.

This Trojan is also associated with the csrss.exe process. Normally this is a legitimate process of your operating system and it needs to run all the time; however, if the csrss.exe you are seeing is located in a directory other than C:\Windows\system32, then you need to scan your computer for an infection. There is also msvmcls64.exe, which is a very nasty process. It disables notifications from the Windows Security Center and lowers your overall system security. It can also disable your access to the Windows Task Manager and to Safe Mode. This shows that the payload Spammer.Tedroo comes with tries hard to make the Trojan remain in your system for as long as possible.
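The location check described above can be scripted. The following Python sketch is an added example, not part of the original page: it flags system process names running from an unexpected directory and names one character away from a system binary (such as the servises.exe and winlagon.exe entries in the file list on this page). The expected directories assume a default C:\Windows install, and the function names and sample paths are constructed for illustration.

```python
import ntpath

# Expected directories for Windows system binaries (assumes C:\Windows install).
SYS32, WOW64 = r"c:\windows\system32", r"c:\windows\syswow64"
EXPECTED = {
    "csrss.exe": {SYS32}, "services.exe": {SYS32}, "winlogon.exe": {SYS32},
    "svchost.exe": {SYS32, WOW64}, "userinit.exe": {SYS32, WOW64},
    "explorer.exe": {r"c:\windows", WOW64},
}

def within_one_edit(a, b):
    """True if a != b and one substitution, insertion or deletion turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def classify(image_path):
    """Return (verdict, detail) for one process image path."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.normpath(ntpath.dirname(image_path)).lower()
    if name in EXPECTED:
        if folder in EXPECTED[name]:
            return ("ok", name)
        return ("wrong-path", f"{name} running from {folder}")
    for real in EXPECTED:
        if within_one_edit(name, real):
            return ("lookalike", f"{name} imitates {real}")
    return ("unlisted", name)

def scan(paths):
    """Keep only the entries that need a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("wrong-path", "lookalike")]

# Constructed sample paths, not taken from a real host.
SAMPLE = [
    r"C:\Windows\System32\csrss.exe",
    r"C:\Users\bob\AppData\Local\Temp\csrss.exe",
    r"C:\Windows\System32\servises.exe",
    r"C:\Windows\winlagon.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE):
        print(f"{verdict:10} {detail}")
```

An "unlisted" verdict only means the name is outside this small table; it says nothing about whether the file is benign.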

You must remove Spammer.Tedroo from your computer as soon as you are sure of the infection, because this parasite can greatly damage your system and lead to even more serious infections. Removing a Trojan manually can be very hard if you are not familiar with the internals of your system, so it is recommended to acquire a reliable security product that will terminate Spammer.Tedroo automatically for you.


How to manually remove Spammer.Tedroo

Files associated with Spammer.Tedroo infection:

1.exe
82.exe
12.tmp
25.tmp
wuauclt.exe
mstatea.dll
mfpmsc.dll
rav.exe
odcsskt.dat
cacheautoobj.exe
taskmgr.exe
svchost.exe
rarydse.dll
nbcqz.exe
setup.exe
fb hack.exe
csrss.exe
14.exe
winwrrh.exe
userini.exe
explorer.exe:userini.exe
34611015.exe
09939939.exe
services.exe
servises.exe
winlogon.exe
userinit.exe
msvmiode.exe
009547.exe
msvmcls64.exe
68.tmp
winlagon.exe

Spammer.Tedroo DLLs to remove:

mstatea.dll
mfpmsc.dll
rarydse.dll

Spammer.Tedroo processes to kill:

1.exe
82.exe
wuauclt.exe
rav.exe
cacheautoobj.exe
taskmgr.exe
svchost.exe
nbcqz.exe
setup.exe
fb hack.exe
csrss.exe
14.exe
winwrrh.exe
userini.exe
explorer.exe:userini.exe
34611015.exe
09939939.exe
services.exe
servises.exe
winlogon.exe
userinit.exe
msvmiode.exe
009547.exe
msvmcls64.exe
winlagon.exe

Remove Spammer.Tedroo registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT\ userinit
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ MS Virtual CLS
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ runservices
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ runwinlogon
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ services
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ servises
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ userini