Trojan:Win32/Rootkit.C is a rootkit trojan that is run even if the system restarts in safe mode. It is configured to hide certain files, which may be components of other malware.

TrojanDropper:Win32/Rooter.A is a generic detection for a trojan that may drop other malware. While the malware that it drops may vary from one instance to another, in the wild we have seen it dropping malware from several different families, including WinNT/Srizbi, Win32/Renos and Win32/Meredrop.

Windows Defender Antivirus detects and removes this threat.

 

Srizbi is a trojan that can be remotely controlled to send spam. It also contains rootkit functionality to hide itself.

Srizbi is a trojan that can be remotely controlled to send spam. It also contains rootkit functionality to hide itself.

Trojan:Win32/Alureon.BH is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.

Trojan:Win32/Alureon.BK is a component Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.

TrojanSpy:Win32/Ursnif.DW is a trojan that steals sensitive information from an affected machine.

TrojanSpy:Win32/Ursnif.DK is a trojan that steals sensitive information from an affected machine.

Trojan:WinNT/Umveet.gen!A is the generic detection for a rootkit component commonly used by some variants of the Win32/Taterf family.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Win32/Rustock is a multi-component family of rootkit-enabled backdoor trojans, which were historically developed to aid in the distribution of 'spam' e-mail. First discovered sometime in early 2006, Rustock has evolved to become a prevalent and pervasive threat. Recent variants appear to be associated with the incidence of rogue security programs.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:WinNT/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

VirTool:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Win32/Rustock is a family of rootkit-enabled backdoor trojans used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.