H8SRT trojan is a new version of TDSS trojan, also known as Rootkit.TDSS. The trojan infects your computer through a vulnerability in an already installed programs (mostly in InternetExplorer). It is a very dangerous trojan-rootkit, it uses rootkit-specific techniques designed to hide the software presence in the system.
When installed, it will be configured to start automatically when Windows starts. H8SRT trojan may:
– display many popups and fake security alerts;
– hijack Internet Explorer;
– redirect search results in Google, Yahoo, MSN to non related sites;
– block an access to security websites;
– disable Windows Task Manager, Windows Security Center and Registry editor.
What is more, H8SRT trojan blocks the ability to run a lot of antivirus and antispyware programs, including Malwarebytes Anti-Malware. Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected with the trojan, then use these removal instructions below, which will remove H8SRT trojan and any associated malware for free.
Symptoms in a RootRepeal Log
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTnfvywoxwtx.sys
Use the following instructions to remove H8SRT trojan (Rootkit.TDSS)
Step 1. Remove core components of H8SRT trojan (Rootkit.TDSS)
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder.
Double click the TDSSKiller icon and follow the prompts.
Step 2. Remove H8SRT trojan (Rootkit.TDSS) associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for H8SRT trojan (Rootkit.TDSS) infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start H8SRT trojan (Rootkit.TDSS) removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
H8SRT trojan (Rootkit.TDSS) creates the following files and folders
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;
H8SRT trojan (Rootkit.TDSS) creates the following registry keys and values