Trojan:WinNT/Goriadu.gen!A is an NDIS intermediate miniport driver that blocks traffic intended for malware intelligence-gathering networks that belong to particular AV organizations in China.
Captures network traffic
Trojan:WinNT/Goriadu.gen!A is an NDIS intermediate miniport driver that blocks network traffic to prevent client programs from uploading data to a remote server. It does this by looking for certain keywords or server addresses in the HTTP request.
These keywords are:
Some of the remote servers that it monitors are:
If these keywords or server addresses are in the HTTP request, then network traffic is blocked.
Analysis by Jingli Li
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.