Home / malware Rootkit:W32/Agent.TZ
First posted on 15 September 2008.
Source: SecurityHomeAliases :
There are no other names known for Rootkit:W32/Agent.TZ.
Explanation :
A program or set of programs which hides itself by subverting or evading the computer's security mechanisms, then allows remote users to secretly control the computer's operating system.
right]Agent.TZ creates the following device object and symbolic link so that Worm:W32/VB.KS (usermode) can open a handle to the driver.
- Devicehideproc
- DosDeviceshideproc
It processes the control code sent by Worm:W32/VB.KS so that its process will be hidden in the process list.
It uses a Direct Kernel Object Manipulatin (DKOM) technique for hiding processes.Last update 15 September 2008