Trojan:Win32/Rootkit.W
First posted on 26 May 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Rootkit.W is also known as W32/Rootkit.DWSI (Norman), Rkit/Agent.cxsk (Avira), Trojan.NtRootKit.13372 (Dr.Web), Rootkit.Win32.Agent (Ikarus), Mal/Rootkit-AY (Sophos).
Explanation:
Trojan:Win32/Rootkit.W is a trojan that may steal sensitive information by monitoring certain processes and visited websites.
Trojan:Win32/Rootkit.W is a rootkit that may drop or change the network traffic to the following websites:
- duba.net
- 360.cn
Trojan:Win32/Rootkit.W may also change your computer's IP settings to use Dynamic Host Configuration Protocol (DHCP).
It may also monitor the following processes for sensitive information:
- AliIM.exe
- QQ.exe
It may also collect information about your computer, such as the following, which it sends to a remote server via an open UDP or TCP port:
- CPU name, version and number
- Hard disk name, version and driver description
- Installed 'version' of the malware
Analysis by Ding Plazo
Last update 26 May 2012