McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Hacktool.WNT.Rootkit (Symantec)

• NTRootKit-A

• TROJ_ROOTKIT (Trend)

• WinNT.RootKit (CA)

Characteristics

The NTRootKit is a hacker tool, used after an attacker has gained admin access to a Windows NT/2K system. Once the NTRootKit has been installed, an attacker can perform various functions, including:

• Hide processes, files, registry keys
• View typed keystrokes
• Crash Windows (BSOD)
• Redirect executable files

Symptoms

Presence of the files _root_.sys and deploy.exe

Method of Infection

This is an attack tool used by a hacker. Once installed, the attacker can potentially upload other tools, trojans, etc and conceal them with the aid of this rootkit.

Removal

All Users :
From a command prompt stop the _root_ service by typing "net stop _root_". Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Hacktool.WNT.Rootkit (Symantec)

• NTRootKit-A

• TROJ_ROOTKIT (Trend)

• WinNT.RootKit (CA)

Characteristics

Characteristics -

The NTRootKit is a hacker tool, used after an attacker has gained admin access to a Windows NT/2K system. Once the NTRootKit has been installed, an attacker can perform various functions, including:

• Hide processes, files, registry keys
• View typed keystrokes
• Crash Windows (BSOD)
• Redirect executable files

Symptoms

Symptoms -

Presence of the files _root_.sys and deploy.exe

Method of Infection

Method of Infection -

This is an attack tool used by a hacker. Once installed, the attacker can potentially upload other tools, trojans, etc and conceal them with the aid of this rootkit.

Removal -

Removal -

All Users :
From a command prompt stop the _root_ service by typing "net stop _root_". Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A