Symptoms

Tedroo modifies the infected computer's registry and may attempt to connect to a large list of mail servers in order to relay spam. A host generating many outbound SMTP connections to distinct mail servers is therefore the main network-visible symptom.

Analysis

Tedroo may make the following registry changes:

Modified key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Added value: "ii"
Added data: "1"

Modified key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Added value: "host"
Added data: an IP address used to contact a Command & Control server

Modified key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BIT
Added value: "id"
Added data: various integer
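The following PowerShell triage script is an added example, not Fortinet's code or part of the original entry. It checks for the registry values listed above (the BITS key itself can exist on a clean system, so the script looks for the added value names rather than for the key) and for the spam-relay symptom from the Symptoms section, by counting distinct remote peers on TCP port 25 per owning process. The third key path is checked as "BIT" exactly as the entry lists it. The function names, the output fields and the 10-peer threshold are my own assumptions and not taken from the page.

```powershell
# Added example (not Fortinet's code): triage checks for the Tedroo
# indicators described in this entry. Key and value names come from the
# entry; function names, output fields and the threshold are assumptions.

$TedrooRegistryIocs = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS'; Names = @('ii', 'host', 'id') },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\BIT';  Names = @('id') }   # listed as "BIT" in the entry
)

function Test-TedrooRegistryIocs {
    # Returns one object per matching value. The BITS key is legitimate on
    # many systems, so only the presence of the added value names counts.
    $hits = @()
    foreach ($ioc in $TedrooRegistryIocs) {
        if (-not (Test-Path -Path $ioc.Path)) { continue }
        $props = Get-ItemProperty -Path $ioc.Path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in $ioc.Names) {
            if ($props.PSObject.Properties.Name -contains $name) {
                $data = $props.$name
                # "host" is documented as holding a C2 IP address; flag whether it parses as one.
                $isIp = $false
                if ($name -eq 'host') { $isIp = [System.Net.IPAddress]::TryParse([string]$data, [ref]$null) }
                $hits += [pscustomobject]@{
                    Key      = $ioc.Path
                    Name     = $name
                    Data     = $data
                    LooksLikeIp = $isIp
                }
            }
        }
    }
    return $hits
}

function Get-SmtpFanOut {
    # Lists processes with at least $Threshold distinct remote peers on TCP/25.
    # A spam relay fans out to many mail servers; a workstation normally has none.
    param([int]$Threshold = 10)   # assumed threshold, tune for mail servers
    Get-NetTCPConnection -RemotePort 25 -ErrorAction SilentlyContinue |
        Group-Object -Property OwningProcess |
        ForEach-Object {
            $peers = ($_.Group | Select-Object -ExpandProperty RemoteAddress -Unique).Count
            if ($peers -ge $Threshold) {
                $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    ProcessId         = [int]$_.Name
                    ProcessName       = if ($proc) { $proc.ProcessName } else { '<exited>' }
                    DistinctSmtpPeers = $peers
                }
            }
        }
}

# Usage (run from an elevated prompt so HKLM and all connections are readable):
$regHits = Test-TedrooRegistryIocs
if ($regHits) { $regHits | Format-Table -AutoSize } else { 'No Tedroo registry indicators found.' }

$smtpHits = Get-SmtpFanOut
if ($smtpHits) { $smtpHits | Format-Table -AutoSize } else { 'No process with a large SMTP fan-out.' }
```

Run the script from an elevated PowerShell session on the suspect host; a registry hit or a non-mail process with many SMTP peers supports the diagnosis, but the absence of both does not clear the machine, since the entry only lists the changes Tedroo "may" make. Treat any IP recovered from the "host" value as a Command & Control indicator for network blocking and log searches rather than as something to connect to.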

Instructions

Manual removal of this family of malware is not recommended. Fortinet recommends running a full scan of your system using FortiClient Endpoint Protection to remove this threat.

Telemetry