Win32/FURootkit
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Virtool:Win32/FURootkit is a family of kernel-mode rootkit programs that target computers running certain versions of Microsoft Windows. It is primarily used to hide certain processes from process viewers or to hide certain device drivers. This rootkit is often bundled with other malicious software. For example, it is installed on a computer by some variants of Win32/Rbot.
Some variants of Win32/FURootkit can be configured to unlink certain processes from the EPROCESS linked list, so that the running process is hidden from Task Manager and other process-viewer applications. Some Win32/Rbot variants use this stealth method to hide themselves.
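A process unlinked this way still has its record in memory, so it can be found by comparing two views: the records reachable by walking the list, and all records found by scanning memory. The following is an added example, not Microsoft's code or part of the original entry. It uses a simplified in-memory model, and all addresses, PIDs and process names are constructed. A real tool would read the records from a memory image.

```python
from dataclasses import dataclass

@dataclass
class ProcRecord:
    """Simplified stand-in for a process record with its list links."""
    pid: int
    name: str
    flink: int            # address of the next record in the active list
    blink: int            # address of the previous record
    exited: bool = False  # terminated processes can linger in memory

HEAD = 0x1000  # constructed address of the list head

# Constructed sample "memory": address -> record. bot.exe (0x4000) has been
# unlinked: its neighbours point past it, but the record itself still exists.
MEMORY = {
    HEAD:   ProcRecord(0, "<list head>", 0x2000, 0x5000),
    0x2000: ProcRecord(4, "System", 0x3000, HEAD),
    0x3000: ProcRecord(1200, "explorer.exe", 0x5000, 0x2000),
    0x4000: ProcRecord(1544, "bot.exe", 0x5000, 0x3000),
    0x5000: ProcRecord(880, "svchost.exe", HEAD, 0x3000),
    0x6000: ProcRecord(2040, "notepad.exe", HEAD, 0x5000, exited=True),
}

def walk_active_list(memory, head=HEAD):
    """View 1: follow forward links from the head, as list-based viewers do."""
    reachable, addr = [], memory[head].flink
    while addr != head and addr not in reachable:  # stop on wrap or loop
        reachable.append(addr)
        addr = memory[addr].flink
    return reachable

def scan_records(memory, head=HEAD):
    """View 2: every record present in memory, regardless of its links."""
    return [addr for addr in memory if addr != head]

def hidden_processes(memory, head=HEAD):
    """Live records that the scan finds but the list walk cannot reach."""
    listed = set(walk_active_list(memory, head))
    return sorted(
        (memory[a].pid, memory[a].name)
        for a in scan_records(memory, head)
        if a not in listed and not memory[a].exited
    )

if __name__ == "__main__":
    for pid, name in hidden_processes(MEMORY):
        print(f"unlinked but still present: pid={pid} name={name}")
```

The `exited` filter matters because a memory scan also finds records of processes that have already terminated. Without it, those records would be reported as hidden.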
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.