Rootkit:W32/Zxshell.B



Name: Rootkit:W32/Zxshell.B
Category: Malware
Type: Rootkit
Platform: INF
Summary
Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and functions as a protection mechanism for its main payload file.
Disinfection
Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.
Additional Details
Rootkit:W32/Zxshell.B tries to protect the main payload DLL file by:

Hiding files which contain an underscore ("_") by installing hooks on the file system driver
Attempting to hide TCP port 443
Detecting whether the following security products exist:

NOD32
AVP
360Safe
AVG
Avast
AhnSD
McShield
IceSword

The driver can easily crash the system when its attempt to hook kernel drivers, for example ntfs.sys and tcpip.sys, fails.
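A cross-view check for the two hiding behaviours listed above, as an added example that is not part of the original description or of any vendor tooling: it compares what the live (possibly hooked) system reports with a view taken from outside it. The file names, addresses and listings are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data. "Live" views are what the running host reports;
# "trusted" views come from outside it (offline disk listing, upstream firewall).
LIVE_DIR = "kernel32.dll\nntdll.dll\nsvchost.exe\n"
OFFLINE_DIR = "kernel32.dll\nntdll.dll\nsvc_host.dll\nsvchost.exe\n"
LIVE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:80         ESTABLISHED
"""
TRUSTED_PORTS = {135, 443}  # TCP ports observed for this host from outside it


def names(listing):
    """Normalise a one-name-per-line directory listing into a set."""
    return {ln.strip().lower() for ln in listing.splitlines() if ln.strip()}


def netstat_ports(text):
    """Every TCP port (local or remote) that netstat-style output admits to."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "TCP":
            for endpoint in fields[1:3]:
                # rsplit also copes with IPv6 endpoints such as [::]:135
                ports.add(int(endpoint.rsplit(":", 1)[1]))
    return ports


def cross_view(live_dir, offline_dir, live_netstat, trusted_ports):
    """Report what the trusted views contain but the live views omit."""
    hidden_files = sorted(names(offline_dir) - names(live_dir))
    hidden_ports = sorted(set(trusted_ports) - netstat_ports(live_netstat))
    # Discrepancies that also fit the traits in the description above:
    # an underscore in the file name, or TCP port 443.
    matches = [f for f in hidden_files if "_" in f]
    matches += [p for p in hidden_ports if p == 443]
    return {"hidden_files": hidden_files,
            "hidden_ports": hidden_ports,
            "matches_description": matches}


if __name__ == "__main__":
    print(cross_view(LIVE_DIR, OFFLINE_DIR, LIVE_NETSTAT, TRUSTED_PORTS))
```

Connections are short-lived, so both port views need to be captured at the same moment for a difference to be meaningful.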