Published Nov 29, 2007 | Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: Exploit-Codebase.chm (McAfee) Worm:Win32/Rootcip.E (Microsoft) W32/Tdibd-C (Sophos) CHM_DROPPER.CLM (Trend Micro)


VirTool:WinNT/Rootkitdrv.CN is a detection for a rootkit, a type of driver crafted to hide files and registry keys from the user. The presence of this threat may indicate that additional malicious programs are present on the affected machine.
It is not possible to recover manually from VirTool:WinNT/Rootkitdrv.CN. You must use up-to-date antivirus software to completely clean this rootkit from your computer. To recover from VirTool:WinNT/Rootkitdrv.CN using antivirus software, follow these steps:
  1. Disconnect from the Internet.
  2. Run up-to-date antivirus software.
  3. Take steps to prevent re-infection.

Disconnect from the Internet  

To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding by unplugging your network cable or disabling your wireless connection. You can reconnect to the Internet after running antivirus software.

Run up-to-date antivirus software  

Run up-to-date antivirus software to completely clean this worm from your computer.

Take steps to prevent re-infection  

Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.”
Follow us