Category Archives: Rootkit

Rootkit.Agent.aeb

Rootkit.Agent.aeb is also known as Trojan.Obfuscated.MQ, W32/Koutodoor.A!tr.rkit.

Malware Analysis of Rootkit.Agent.aeb – TYTCN.SYS

Created files:
%SYSDIR%\DRIVERS\TYTCN.SYS
%SYSDIR%\MMBYLP.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\igzd\ImagePath: “system32\drivers\tytcn.sys”
HKLM\System\CurrentControlSet\services\igzd\DisplayName: “igzd”

Detected by UnHackMe: TYTCN.SYS
Default location: %SYSDIR%\DRIVERS\TYTCN.SYS
Dropper hash (md5): 3a26c251a1f64d06eafbbee9885b0487


RootKit.Win32.Undef.bwp

RootKit.Win32.Undef.bwp is also known as Trojan.Obfuscated.MQ, BackDoor-DTL.sys.

Malware Analysis of RootKit.Win32.Undef.bwp – TYTCN.SYS

Created files:
%SYSDIR%\DRIVERS\TYTCN.SYS
%SYSDIR%\MMBYLP.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\igzd\ImagePath: “system32\drivers\tytcn.sys”
HKLM\System\CurrentControlSet\services\igzd\DisplayName: “igzd”

Detected by UnHackMe: TYTCN.SYS
Default location: %SYSDIR%\DRIVERS\TYTCN.SYS
Dropper hash (md5): 3a26c251a1f64d06eafbbee9885b0487


W32/Rootkit.A

W32/Rootkit.A is also known as Trojan/Win32.Rootkit, Trojan.Win32.PSWIGames.5504.Q[h], TrojanPSW.Magania.

Malware Analysis of W32/Rootkit.A – B1A18A3E.SYS

Created files:
%WINDIR%\MINIDUMP\060616-10921-01.DMP
%WINDIR%\MINIDUMP\060616-11015-01.DMP
%SYSDIR%\B1A18A3E.SYS
%WINDIR%\TEMP\WER-25484-0.SYSDATA.XML
%WINDIR%\TEMP\WER-25953-0.SYSDATA.XML

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\B1A18A3E\IMAGEPATH: “\??\%SYSDIR%\B1A18A3E.SYS”
HKLM\System\CurrentControlSet\services\b1a18a3e\DisplayName: “b1a18a3e”

Detected by UnHackMe: B1A18A3E.SYS
Default location: %SYSDIR%\B1A18A3E.SYS
Dropper hash (md5): 0eb48cf096cc074fe88586a83ba9511f

Rootkit-Agent.BJ

Rootkit-Agent.BJ is also known as Artemis!3C7164535486, Trojan.Win32.PSWIGames.5504.Q[h], W32/Magania.SZSB-7419.

Malware Analysis of Rootkit-Agent.BJ – B1A18A3E.SYS

Created files:
%WINDIR%\MINIDUMP\060616-10921-01.DMP
%WINDIR%\MINIDUMP\060616-11015-01.DMP
%SYSDIR%\B1A18A3E.SYS
%WINDIR%\TEMP\WER-25484-0.SYSDATA.XML
%WINDIR%\TEMP\WER-25953-0.SYSDATA.XML

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\B1A18A3E\IMAGEPATH: “\??\%SYSDIR%\B1A18A3E.SYS”
HKLM\System\CurrentControlSet\services\b1a18a3e\DisplayName: “b1a18a3e”

Detected by UnHackMe: B1A18A3E.SYS
Default location: %SYSDIR%\B1A18A3E.SYS
Dropper hash (md5): 0eb48cf096cc074fe88586a83ba9511f

Rootkit.Agent!FZUEIGT2kRs

Rootkit.Agent!FZUEIGT2kRs is also known as Trj/CI.A, Rootkit.Agent, Rootkit.Win32.Agent.bqvw.

Malware Analysis of Rootkit.Agent!FZUEIGT2kRs – 02E15FE2.SYS

Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER5CA4.TMP.HDMP
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER6F90.TMP.MDMP
%SYSDIR%\02E15FE2.SYS
%SYSDIR%\37CE2FDA.SYS
%SYSDIR%\471776C1.SYS

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\37CE2FDA\IMAGEPATH: “\??\%SYSDIR%\37CE2FDA.SYS”
HKLM\System\CurrentControlSet\services\37CE2FDA\DisplayName: “37CE2FDA”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: “%SystemRoot%\System32\Svchost.exe -k netsvcs”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: “FastUserSwitchingCompatibility”
HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: “system32\471776C1.sys”

Detected by UnHackMe: 02E15FE2.SYS
Default location: %SYSDIR%\02E15FE2.SYS
Dropper hash (md5): d682b0dab944bd2322fb7e5f4c2bcdf0


Rootkit.Win32.Agent.bqvw

Rootkit.Win32.Agent.bqvw is also known as Rootkit.Agent.nzb, Rootkit.Agent, TROJ_GEN.RFFCEJT.

Malware Analysis of Rootkit.Win32.Agent.bqvw – 02E15FE2.SYS

Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER5CA4.TMP.HDMP
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER6F90.TMP.MDMP
%SYSDIR%\02E15FE2.SYS
%SYSDIR%\37CE2FDA.SYS
%SYSDIR%\471776C1.SYS

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\37CE2FDA\IMAGEPATH: “\??\%SYSDIR%\37CE2FDA.SYS”
HKLM\System\CurrentControlSet\services\37CE2FDA\DisplayName: “37CE2FDA”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: “%SystemRoot%\System32\Svchost.exe -k netsvcs”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: “FastUserSwitchingCompatibility”
HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: “system32\471776C1.sys”

Detected by UnHackMe: 02E15FE2.SYS
Default location: %SYSDIR%\02E15FE2.SYS
Dropper hash (md5): d682b0dab944bd2322fb7e5f4c2bcdf0


Rootkit.Agent.bqvw

Rootkit.Agent.bqvw is also known as Win32:Jadtre-H [Rtk], Gen:Variant.Jadtre.1 (B), Rootkit.Agent!FZUEIGT2kRs.

Malware Analysis of Rootkit.Agent.bqvw – 02E15FE2.SYS

Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER5CA4.TMP.HDMP
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_32BBC35FF0EE25C492A925EF8D7EEE66235A4E0_CAB_0EFD7980\WER6F90.TMP.MDMP
%SYSDIR%\02E15FE2.SYS
%SYSDIR%\37CE2FDA.SYS
%SYSDIR%\471776C1.SYS

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\37CE2FDA\IMAGEPATH: “\??\%SYSDIR%\37CE2FDA.SYS”
HKLM\System\CurrentControlSet\services\37CE2FDA\DisplayName: “37CE2FDA”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: “%SystemRoot%\System32\Svchost.exe -k netsvcs”
HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: “FastUserSwitchingCompatibility”
HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: “system32\471776C1.sys”

Detected by UnHackMe: 02E15FE2.SYS
Default location: %SYSDIR%\02E15FE2.SYS
Dropper hash (md5): d682b0dab944bd2322fb7e5f4c2bcdf0


Rootkit.Agent.Win32.7315

Rootkit.Agent.Win32.7315 is also known as Gen:Variant.Graftor.46430, Backdoor ( 0015d97e1 ), Trojan.Agent/Gen-Koutodoor.

Malware Analysis of Rootkit.Agent.Win32.7315 – OWCIO.SYS

Created files:
%SYSDIR%\DRIVERS\OWCIO.SYS
%SYSDIR%\WXRS.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\dsnefvr\ImagePath: “system32\drivers\owcio.sys”
HKLM\System\CurrentControlSet\services\dsnefvr\DisplayName: “dsnefvr”

Detected by UnHackMe: OWCIO.SYS
Default location: %SYSDIR%\DRIVERS\OWCIO.SYS
Dropper hash (md5): 28977151762f084f174422acfa9c91e3

Win32/Rootkit!generic

Win32/Rootkit!generic is also known as Gen:Variant.Graftor.46430, Rootkit.Agent, Win32.Rootkit.Koutodoor.a.

Malware Analysis of Win32/Rootkit!generic – OWCIO.SYS

Created files:
%SYSDIR%\DRIVERS\OWCIO.SYS
%SYSDIR%\WXRS.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\dsnefvr\ImagePath: “system32\drivers\owcio.sys”
HKLM\System\CurrentControlSet\services\dsnefvr\DisplayName: “dsnefvr”

Detected by UnHackMe: OWCIO.SYS
Default location: %SYSDIR%\DRIVERS\OWCIO.SYS
Dropper hash (md5): 28977151762f084f174422acfa9c91e3

RootKit.Win32.Agent.gag

RootKit.Win32.Agent.gag is also known as Rootkit.Koutodoor.Gen.2, Trojan:Win32/Koutodoor.F, Backdoor ( 0015d97e1 ).

Malware Analysis of RootKit.Win32.Agent.gag – OWCIO.SYS

Created files:
%SYSDIR%\DRIVERS\OWCIO.SYS
%SYSDIR%\WXRS.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\dsnefvr\ImagePath: “system32\drivers\owcio.sys”
HKLM\System\CurrentControlSet\services\dsnefvr\DisplayName: “dsnefvr”

Detected by UnHackMe: OWCIO.SYS
Default location: %SYSDIR%\DRIVERS\OWCIO.SYS
Dropper hash (md5): 28977151762f084f174422acfa9c91e3

Heuristic.BehavesLike.Win32.Rootkit.H

Heuristic.BehavesLike.Win32.Rootkit.H is also known as TR/Spy.Gen, Trojan-GameThief.Win32.WOW.zqf, Win32:Lolyda-B.

Malware Analysis of Heuristic.BehavesLike.Win32.Rootkit.H – MJ.DLL

Created files:
%TEMP%\90058796.DLL
%TEMP%\MJ.DLL

Detected by UnHackMe: MJ.DLL
Default location: %TEMP%\MJ.DLL
Dropper hash (md5): d4a26452f80b95964599e1df8cb7d9df

RootKit.Win32.Koutodoor.bg

RootKit.Win32.Koutodoor.bg is also known as VirTool.WinNT.Koutodoor.A (v), Gen:Variant.Graftor.46430, a variant of Win32/Koutodoor.CA.

Malware Analysis of RootKit.Win32.Koutodoor.bg – AEVOI.SYS

Created files:
%SYSDIR%\DRIVERS\AEVOI.SYS
%SYSDIR%\PIBU.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\emowih\ImagePath: “system32\drivers\aevoi.sys”
HKLM\System\CurrentControlSet\services\emowih\DisplayName: “emowih”

Detected by UnHackMe: AEVOI.SYS
Default location: %SYSDIR%\DRIVERS\AEVOI.SYS
Dropper hash (md5): bf65f0e8e560b7462466483fa0d85147

Rootkit.Koutodoor.Gen.2

Rootkit.Koutodoor.Gen.2 is also known as Gen:Variant.Graftor.46430, Win32/Cryptor.

Malware Analysis of Rootkit.Koutodoor.Gen.2 – AEVOI.SYS

Created files:
%SYSDIR%\DRIVERS\AEVOI.SYS
%SYSDIR%\PIBU.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\emowih\ImagePath: “system32\drivers\aevoi.sys”
HKLM\System\CurrentControlSet\services\emowih\DisplayName: “emowih”

Detected by UnHackMe: AEVOI.SYS
Default location: %SYSDIR%\DRIVERS\AEVOI.SYS
Dropper hash (md5): bf65f0e8e560b7462466483fa0d85147

Rootkit.Agent.Win32.3336

Rootkit.Agent.Win32.3336 is also known as W32/Agent.DF.gen!Eldorado, Gen:Variant.Graftor.46430, Koutodoor.

Malware Analysis of Rootkit.Agent.Win32.3336 – AEVOI.SYS

Created files:
%SYSDIR%\DRIVERS\AEVOI.SYS
%SYSDIR%\PIBU.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\emowih\ImagePath: “system32\drivers\aevoi.sys”
HKLM\System\CurrentControlSet\services\emowih\DisplayName: “emowih”

Detected by UnHackMe: AEVOI.SYS
Default location: %SYSDIR%\DRIVERS\AEVOI.SYS
Dropper hash (md5): bf65f0e8e560b7462466483fa0d85147

Rootkit.Agent.plm

Rootkit.Agent.plm is also known as W32/Agent.DF.gen!Eldorado, Gen:Variant.Graftor.46430.

Malware Analysis of Rootkit.Agent.plm – AEVOI.SYS

Created files:
%SYSDIR%\DRIVERS\AEVOI.SYS
%SYSDIR%\PIBU.DLL

Autostart registry keys:
HKLM\System\CurrentControlSet\services\emowih\ImagePath: “system32\drivers\aevoi.sys”
HKLM\System\CurrentControlSet\services\emowih\DisplayName: “emowih”

Detected by UnHackMe: AEVOI.SYS
Default location: %SYSDIR%\DRIVERS\AEVOI.SYS
Dropper hash (md5): bf65f0e8e560b7462466483fa0d85147

Rootkit.Agent!1.6784

Rootkit.Agent!1.6784 is also known as Troj/PWS-BJM, Worm/Win32.AutoRun, WORM_OTORUN.SMIE.

Malware Analysis of Rootkit.Agent!1.6784 – ASFONMQOMP.EXE

Created files:
%SYSTEMDRIVE%\VSPS\VSPS.EXE
%Program Files Common%\BOSC.dll
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ASFONMQOMP.EXE
%PUBLIC%\DESKTOP\INTENNET EXPLONER.LNK
%SYSDIR%\LYPPMJJULK\SMSS.EXE

Detected by UnHackMe: ASFONMQOMP.EXE
Default location: %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ASFONMQOMP.EXE
Dropper hash (md5): 5e1c09702dedca71af2ab6d71ad7daca

Rootkit.Agent.bj

Rootkit.Agent.bj is also known as Trojan.Win32.Agent.42, TR/Rootkit.A.12, Hacktool.Rootkit.

Malware Analysis of Rootkit.Agent.bj – LSLPG.SYS

Created files:
%SysDir%\drivers\lslpg.sys
%SysDir%\wmdrtc32.dll
%SysDir%\wmdrtc32.dl_

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\NdisFileServices32\ImagePath: “\??\%SysDir%\drivers\lslpg.sys”
HKLM\System\CurrentControlSet\Services\NdisFileServices32\DisplayName: “NdisFileServices32”

Detected by UnHackMe: LSLPG.SYS
Default location: %SYSDIR%\DRIVERS\LSLPG.SYS
Dropper hash (md5): d816f46eeb5e45157effdb8a0236fcf1

W32/Rootkit.HYS!tr

W32/Rootkit.HYS!tr is also known as MemScan:Trojan.Agent.AGVR (B), Packed.Win32.FakeVMP.1!O, Win32.Troj.Undef.(kcloud).

Malware Analysis of W32/Rootkit.HYS!tr – D776C3B3944723871B48421DED372A80.EXE

Created files:
%SysDir%\d776c3b3944723871b48421ded372a80.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%SysDir%\userinit.exe,,%SysDir%\d776c3b3944723871b48421ded372a80.exe”

Detected by UnHackMe: D776C3B3944723871B48421DED372A80.EXE
Default location: %SYSDIR%\D776C3B3944723871B48421DED372A80.EXE
Dropper hash (md5): d776c3b3944723871b48421ded372a80

Rootkit.W32.Agent.dgsr!c

Rootkit.W32.Agent.dgsr!c is also known as Rootkit.Agent2!bSORYAHCpSw, RTKT_WAPOMI.SM, Win32.Trojan.Wapomi.z.

Malware Analysis of Rootkit.W32.Agent.dgsr!c – 16444EC4.SYS

Created files:
%SysDir%\16444EC4.sys
%SysDir%\dmutilio.dll

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\16444EC4\ImagePath: “system32\16444EC4.sys”

Detected by UnHackMe: 16444EC4.SYS
Default location: %SYSDIR%\16444EC4.SYS
Dropper hash (md5): d803c0699cda2b497d7308f1fe1ffbd0

PE:RootKit.Win32.Undef.cuq!1591110 [F]

PE:RootKit.Win32.Undef.cuq!1591110 [F] is also known as Trojan.Win32.Generic!BT, W32.SalitySYS.Rootkit.

Malware Analysis of PE:RootKit.Win32.Undef.cuq!1591110 [F] – KIJON.SYS

Created files:
%Recent%\Local Disk (C).lnk
%Recent%\n7.lnk
%SysDir%\drivers\kijon.sys
C:\autorun.inf
C:\n7.jpg

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\amsint32\ImagePath: “\??\%SysDir%\drivers\kijon.sys”
HKLM\System\CurrentControlSet\Services\amsint32\DisplayName: “amsint32”

Detected by UnHackMe: KIJON.SYS
Default location: %SYSDIR%\DRIVERS\KIJON.SYS
Dropper hash (md5): d832bfe74a70c9c9afc06ff70e73e374

RootKit.Win32.Sality.A

RootKit.Win32.Sality.A is also known as NTRootKit-AB, Virus ( 0019fcdd1 ), Trojan:WinNT/Sality.

Malware Analysis of RootKit.Win32.Sality.A – KIJON.SYS

Created files:
%Recent%\Local Disk (C).lnk
%Recent%\n7.lnk
%SysDir%\drivers\kijon.sys
C:\autorun.inf
C:\n7.jpg

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\amsint32\ImagePath: “\??\%SysDir%\drivers\kijon.sys”
HKLM\System\CurrentControlSet\Services\amsint32\DisplayName: “amsint32”

Detected by UnHackMe: KIJON.SYS
Default location: %SYSDIR%\DRIVERS\KIJON.SYS
Dropper hash (md5): d832bfe74a70c9c9afc06ff70e73e374

Rootkit.Agent.hmn

Rootkit.Agent.hmn is also known as Trojan/Agent.bhvc, W32/MalwareS.BKEA, Rootkit.Agent.r5.

Malware Analysis of Rootkit.Agent.hmn – 2BBB4B85.SYS

Created files:
%Temp%\BIT4.tmp
%SysDir%\drivers\2BBB4B85.sys

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\2BBB4B85\ImagePath: “system32\drivers\2BBB4B85.sys”

Detected by UnHackMe: 2BBB4B85.SYS
Default location: %SYSDIR%\DRIVERS\2BBB4B85.SYS
Dropper hash (md5): d6035e93ab8ad024a0086ab94338dcd0

PE:RootKit.Win32.Fednu.k!1588860 [F]

PE:RootKit.Win32.Fednu.k!1588860 [F] is also known as Generic Malware, Gen:Variant.Jadtre.1, Win32.Troj.Generic.a.(kcloud).

Malware Analysis of PE:RootKit.Win32.Fednu.k!1588860 [F] – 2BBB4B85.SYS

Created files:
%Temp%\BIT4.tmp
%SysDir%\drivers\2BBB4B85.sys

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\2BBB4B85\ImagePath: “system32\drivers\2BBB4B85.sys”

Detected by UnHackMe: 2BBB4B85.SYS
Default location: %SYSDIR%\DRIVERS\2BBB4B85.SYS
Dropper hash (md5): d6035e93ab8ad024a0086ab94338dcd0

Rootkit.Vanti.ep

Rootkit.Vanti.ep is also known as Trojan.Win32.Mian007.e, BackDoor.Generic3.YQC, Trojan.Win32.Amvo.Gen.

Malware Analysis of Rootkit.Vanti.ep – Z.DLL

Created files:
%Temp%\z.dll
%SysDir%\xydll.dll
%WinDir%\Download\svhost32.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xy: “%WinDir%\Download\svhost32.exe”

Detected by UnHackMe: Z.DLL
Default location: %TEMP%\Z.DLL
Dropper hash (md5): d876c4a74824ad7d9e823db501654570

Rootkit.Vanti.ahy

Rootkit.Vanti.ahy is also known as Win32.Hacktool, Rootkit.Win32.Vanti.df, Trojan.Lineage.Gen!Pac.3.

Malware Analysis of Rootkit.Vanti.ahy – Z.DLL

Created files:
%Temp%\z.dll
%SysDir%\xydll.dll
%WinDir%\Download\svhost32.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xy: “%WinDir%\Download\svhost32.exe”

Detected by UnHackMe: Z.DLL
Default location: %TEMP%\Z.DLL
Dropper hash (md5): d876c4a74824ad7d9e823db501654570
