This kernel-mode driver is a component of Backdoor:Win32/Simda.A, a multi-component malware family. It is responsible for hiding the backdoor's other components on the affected computer and for manipulating the user's Internet traffic.
The driver is dropped and loaded by the Backdoor:Win32/Simda.A installer.
Loads malware components
The driver loads other malware components into system processes, such as "csrss.exe".
It also injects code into the system shell and web browser processes, such as:
Redirects Internet traffic and DNS requests to malicious hosts
The driver has been observed to redirect user traffic to the following IP addresses:
where * is a number from 0 to 255.
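The traffic-redirection behaviour described above is the part of this entry a defender can turn into a concrete check. The following Python is an added example, not part of the original entry or of the analyst's write-up: it scans resolver or proxy log lines for IPv4 addresses and matches them against wildcard patterns of the "a.b.c.*" form, where "*" stands for any octet from 0 to 255 as the entry states. The patterns and log lines it contains are constructed placeholders (documentation address ranges), not the addresses the entry refers to; substitute the entry's own list when using it.

```python
import re

# PLACEHOLDER patterns in the "a.b.c.*" form used by the entry. These are
# documentation ranges chosen for demonstration, not the real redirect hosts.
PLACEHOLDER_PATTERNS = ["192.0.2.*", "198.51.100.*"]

# Constructed sample resolver log lines (not captured from a real system).
SAMPLE_LOG = """\
2012-03-01 10:00:01 query www.example.com A resolved 93.184.216.34
2012-03-01 10:00:05 query bank.example.net A resolved 192.0.2.77
2012-03-01 10:00:09 query mail.example.org A resolved 203.0.113.9
2012-03-01 10:00:12 query bank.example.net A resolved 198.51.100.250
2012-03-01 10:00:15 query www.example.com A resolved 192.0.2.300
"""

# Candidate dotted quads; octet range (0-255) is validated separately below.
IPV4_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")


def parse_pattern(pattern):
    """Turn 'a.b.c.*' into a 4-tuple; None marks a wildcard octet (any 0-255)."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"pattern must have four octets: {pattern!r}")
    parsed = []
    for octet in octets:
        if octet == "*":
            parsed.append(None)
        elif octet.isdigit() and 0 <= int(octet) <= 255:
            parsed.append(int(octet))
        else:
            raise ValueError(f"bad octet {octet!r} in pattern {pattern!r}")
    return tuple(parsed)


def parse_ipv4(text):
    """Return the four octets of a valid dotted-quad string, else None."""
    match = IPV4_RE.fullmatch(text)
    if match is None:
        return None
    octets = tuple(int(g) for g in match.groups())
    return octets if all(o <= 255 for o in octets) else None


def octets_match(octets, parsed_pattern):
    """True when every fixed octet of the pattern equals the address octet."""
    return all(p is None or p == o for o, p in zip(octets, parsed_pattern))


def ip_matches_pattern(ip_text, pattern):
    """Convenience wrapper: does a single address fall under one wildcard pattern?"""
    octets = parse_ipv4(ip_text)
    return octets is not None and octets_match(octets, parse_pattern(pattern))


def scan_log(log_text, patterns):
    """Return (line_number, address) for each log line containing a matching address.

    Candidate addresses with an octet above 255 (e.g. '192.0.2.300') are not
    valid IPv4 addresses and are skipped rather than reported.
    """
    compiled = [parse_pattern(p) for p in patterns]
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            octets = tuple(int(g) for g in match.groups())
            if any(o > 255 for o in octets):
                continue
            if any(octets_match(octets, c) for c in compiled):
                hits.append((line_no, match.group(0)))
    return hits


if __name__ == "__main__":
    for line_no, address in scan_log(SAMPLE_LOG, PLACEHOLDER_PATTERNS):
        print(f"line {line_no}: resolved to watched range {address}")
```

Because the match is performed per octet rather than by prefix length, the same function also handles wildcards in positions other than the last octet should a list ever use them; a hit on a resolver or proxy log indicates the configured DNS path is returning an address in a watched range and warrants checking the host for the driver and its companion components.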
Analysis by Sergey Chernyshev
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.