Rootkit Entries
| Name | Filename | Status | Description |
|---|---|---|---|
| ATI TnL Rendering | atiddbxx.sys | X | A variant of the Haxdoor rootkit. |
| atietbxx | atietbxx.sys | X | A variant of the Goldun rootkit. |
| atixdaxx | atixdaxx.dll | X | A variant of the Goldun Trojan. This infection utilizes the atixdbxx.sys rootkit to hide itself. |
| ATI Hardware TnL Rendering | atixdbxx.sys | X | A variant of the Goldun rootkit. |
| TCPIP2 Kernel32 | avpe64.sys | X | Added by the Troj/Haxdoor-AP rootkit. |
| TCPIP Kernel32 | avpu32.sys | X | Added by the Troj/Haxdoor-ED. The rootkit logs the keypress in the file klogini.dll. |
| AVPX TCP | AVPX32.SYS | X | Added by the Troj/Haxdoor-Y backdoor trojan. This infection uses rootkit technology to hide itself from being seen. |
| AVPX64 TCP | AVPX64.SYS | X | Added by the Troj/Haxdoor-Y backdoor trojan. This infection uses rootkit technology to hide itself from being seen. |
| OPENSSL cryptoapi | axdebugld.sys | X | A variant of the Haxdoor rootkit. |
| BASFNDD | BASFNDD.sys | X | Identified by Kaspersky Antivirus as a variant of the Rootkit.Win32.Agent.to malware. |
| BlueODrv | blueodrv.sys | X | Added by the Infostealer.Blurax Trojan. Infostealer.Blurax is a Trojan horse that logs keystrokes and steals confidential information from the compromised computer. The Trojan may use rootkit techniques to hide its presence on the compromised computer. This part of the infection acts as a rootkit in order to the services. |
| DVB X11 controller | bmtdhk.sys | X | A variant of the Troj/Haxdor-Gen rootkit. |
| DVBa X11 controller | bmtdhk.sys | X | A variant of the Troj/Haxdor-Gen rootkit. |
| KeBoot | Boot32.sys | X | Added by the HaxDoor.B rootkit/backdoor Trojan. This service is installed as a system driver and is part of the rootkit functionality of this infection. |
| bqzpas | bqzpas.sys | X | Added by the Backdoor.Rustock backdoor rootkit. |
| bridges | bridges.sys | X | A rootkit driver service. |
| bsdpf64 | bsdpf64.sys | X | Added by the Shopperz infection. This driver acts like a rookit and prevents certain folders from being accessed. |
| bsdpr64 | bsdpr64.sys | X | Added by the Shopperz infection. This driver acts like a rookit and prevents certain folders from being accessed. |
| btstack | btstack.ibs | X | Added by the Mal/RKRustok-A worm and rootkit. |
| bzsqlpa | bzsqlpa.sys | X | Added by the Backdoor.Rustock backdoor rootkit. |
| CDRW overrun protection | cdscsix3r.sys | X | Added by a variant of the Troj/Haxdor-Gen rootkit. |
| system performance logging for TrueTime Driver Edition | chkzero.ex | X | Added by the Troj/Hackda-A Trojan & Rootkit. |
| cjamkm | cjamkm.sys | X | Added by a variant of the Troj/NTRootK-CM rootkit. |
| cjwriiigqazft | cjwriiigqazft.cat | X | Added by the Backdoor.Rustock backdoor rootkit. |
| clbdriver | clbdriver.sys | X | Identified as a variant of the Rootkit.Win32.Clbd.cx rootkit. |
| cmdriver | cmdriver.sys | X | Added by the SecurityRisk.Cashmoa rootkit. SecurityRisk.Cashmoa is a security risk that hides any processes that are named cmc.exe. |
| cmi4432 | cmi4432.sys | X | Added by the RTKT_DUQU.A rootkit. |
| core | core.sys | X | Identified by Spybot - Search and Destroy as Smitfraud-C.CoreService. This infection is a rootkit found with certain smitfraud infections. |
| CPU microcode correction | cpudev.sys | X | Added by the Troj/Haxdoor-AO Trojan. |
| cryptdrv | cryptdrv.sys | X | Added by the Backdoor.Rustock backdoor rootkit. |
Search Startups
Startup Database Navigation