Microsoft Security Intelligence
Published Dec 07, 2005 | Updated Sep 15, 2017

VirTool:WinNT/Zufyx.D

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

VirTool:WinNT/Zufyx.D is a kernel-mode rootkit that targets computers running Microsoft Windows NT-based operating systems. The rootkit hides itself and can be configured by attackers to hide other malicious files, processes, directories, and registry settings. For example, the rootkit can be installed by Trojan dropper Trojan:Win32/Apropos.B.dr to hide Trojan:Win32/Apropos.B. 
It is not possible to recover manually from VirTool:WinNT/Zufyx.D. Consult the vendor of your antivirus software for specific directions for removing this rootkit.
 
Follow these steps to remove VirTool:WinNT/Zufyx.D using the online scanner at the Microsoft Safety Scanner:
  1. Restart your computer in safe mode.
  2. Run the online scanner at the Microsoft Safety Scanner.
  3. Restart your computer.
  4. Take steps to prevent re-infection.

Restart your computer in safe mode

To start your computer in safe mode
  1. Remove all floppy disks and CDs from your computer, and then restart your computer.
  2. When prompted, press F8. If Windows starts without displaying the Please select the operating system to start menu, restart your computer. Press F8 after the firmware POST process completes, but before Windows displays graphical output.
  3. From the Windows Advanced Options menu, select a safe mode option.

Run the Windows online scanner

  1. Go to the Microsoft Safety Scanner at http://go.microsoft.com/fwlink/?LinkId=212742
  2. Click Protection.
  3. Click Protection Scan.

    Note: Windows safe mode sometimes uses a low resolution for the monitor display. Therefore, when the protection scan runs in safe mode, some user interface controls may not be visible. In particular, the scan Cancel button may not appear on the screen, so that it is not possible to cancel a scan after it starts. This is a known issue in the current beta release of the online scanner.
  4. Follow the prompts when the scan is complete.

Restart your computer

To restart your computer
  1. On the Start menu, click Shut Down.
  2. Select Restart from the drop-down list and click OK.

Take steps to prevent re-infection

Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the section on "How to Prevent Infection" for more information.