Rootkit Entries
| Name | Filename | Status | Description |
|---|---|---|---|
| CsdDriver | CsdDriver.sys | X | Added by the Troj/Goldun-EE password-stealing Trojan. |
| ctl_w32 | ctl_w32.sys | X | Identified as a variant of the Rootkit.Win32.Agent.pq rootkit. |
| INPUT/OUTPUT printing | ddirectxt.sys | X | A variant of the Haxdoor rootkit. |
| SysLibrary | DefLib.sys | X | Added by the Troj/NtRootK-CA rootkit. |
| dhlp | dhlp.sys | X | Identified as a variant of the Win32.Rootkit.Gen rootkit. |
| Printer direct access | directout.sys | X | Added by the TSPY_GOLDUN.EG rootkit. |
| IO Direct printing service | directprt.sys | X | Added by a variant of the Troj/Haxdor-Gen rootkit. |
| [Unknown] | docentd.sys | X | A variant of the Haxdoor rootkit. |
| DTM Protector | dprot.sys | X | A variant of the Haxdoor rootkit. |
| drivemngr | drivemngr.sys | X | Added by the Troj/LdPinch-QB rootkit. This program, once loaded, hides other files related to this infection. |
| Plug and Play Support Driver | driverpp.sys | X | Added by the Troj/RKProc-Fam rootkit. Can be installed with SmitFraud related Trojans. |
| WDVB 05 | drtw6a.sys | X | Added by the Troj/Haxdoor-DO rootkit. |
| WDVB 05 | dvb06a.sys | X | A variant of Troj/Haxdor-Fam rootkit. |
| UDP checksum correction | dvdkernl.sys | X | Added by the Troj/Haxdoor-BC Trojan. |
| Virtual CD-ROM Driver | dwave.sys | X | Identified as a variant of the Trojan-Spy.Win32.Goldun.api rootkit. |
| MMX virtualization service | dxtpdh.sys | X | Added by a variant of the Troj/Haxdor-Gen rootkit. |
| MMX2 virtualization service | dxtpdx.sys | X | Added by a variant of the Troj/Haxdor-Gen rootkit. |
| e67gdfg | e67gdfg.ds | X | Added by the Backdoor.Rustock backdoor rootkit. |
| MCRT accelerator | eexvpn.sys | X | A variant of the Troj/Haxdor-Fam rootkit. |
| efidriver | efidriver.drv | X | Added by the Backdoor.Rustock backdoor rootkit. |
| ellowtab | ellowtab.txt | X | Identified as a variant of the Backdoor.Rustock backdoor and rootkit. |
| DCode emulator A37 | emul37.sys | X | Variant of the Troj/Haxdor-Fam rootkit. |
| DCode emulator | emul65.sys | X | Variant of the Troj/Haxdor-Fam rootkit. |
| eps32sys.sys | X | Variant of the Troj/Haxdor-Fam rootkit. | |
| EPS Printer driver | epsn2sys.sys | X | Identified as Trojan.NtRootKit.75. |
| EPS Printer Driver | EPSONSYS.SYS | X | Added by the Trojan.Goldun.I password-stealing Trojan for online banks. This is a rootkit that attempts to hide itself and its components. |
| estsprt.sys | X | Added by a variant of the Goldun rootkit. | |
| fak32 | fak32.sys | X | A variant of the Backdoor:Win32/Rustock.gen malware. |
| fanxctrld.sys | X | A variant of the Troj/Haxdor-Gen rookit. | |
| fkjdfje | fkjdfje.sys | X | Added by the Backdoor.Rustock backdoor rootkit. |
Search Startups
Startup Database Navigation