
Rootkit:W32/Zxshell.B


First posted on 24 December 2010.
Source: SecurityHome

Aliases :

There are no other names known for Rootkit:W32/Zxshell.B.

Explanation :

Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and functions as a protection mechanism for the backdoor's main payload file.

Additional Details :

Rootkit:W32/Zxshell.B tries to protect the main payload DLL file by:

  • Hiding files whose names contain an underscore ("_") by installing hooks in the file system driver
  • Attempting to hide TCP port 443
  • Detecting whether any of the following security products are present:
      • NOD32
      • AVP
      • 360Safe
      • AVG
      • Avast
      • AhnSD
      • McShield
      • IceSword

The driver can easily crash the system when it fails in its attempt to hook kernel drivers such as ntfs.sys and tcpip.sys.
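The two hiding behaviours described above (files whose names contain "_" disappearing from directory listings, TCP port 443 disappearing from the local socket table) are the kind of discrepancy a cross-view check catches: enumerate the same objects through two independent paths and report whatever one view shows and the other does not. The following is an added example of that defensive check, not code from the original description or from any anti-rootkit product. The directory listings, the netstat-style text and the external scan result are all constructed sample data; the field layout assumed for the netstat text is the common "Proto / Local Address / Foreign Address / State / PID" column order.

```python
"""Cross-view detection of hidden files and hidden listening ports.

Added example. Compares a "live" view taken on the possibly-hooked host
against an independent "raw" or external view of the same objects and
reports anything that only the independent view can see.
"""
from dataclasses import dataclass

# Constructed: what the live directory-listing API returns on the hooked host.
LIVE_LISTING = ["svchost.exe", "drivers", "kernel32.dll"]

# Constructed: what an offline/raw enumeration of the same directory returns
# (e.g. from a boot disk or a parser reading the volume directly).
RAW_LISTING = ["svchost.exe", "drivers", "kernel32.dll",
               "zx_payload.dll", "sys_mon.sys"]

# Constructed: netstat-style output captured on the live host.
LIVE_NETSTAT = """\
Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
"""

# Constructed: ports that an external port scan of the same host found open.
EXTERNAL_SCAN_PORTS = {135, 443, 445}


@dataclass
class Finding:
    kind: str    # "file" or "port"
    value: str   # the hidden object
    note: str    # why it was flagged


def hidden_files(live, raw):
    """Names present in the raw view but missing from the live API view."""
    return sorted(set(raw) - set(live))


def parse_netstat_ports(text):
    """Extract locally LISTENING TCP ports from netstat-style text."""
    ports = set()
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP":
            continue
        local_addr, state = parts[1], parts[3]
        if state != "LISTENING":
            continue
        # Split on the last ':' so IPv6-style addresses would also work.
        ports.add(int(local_addr.rsplit(":", 1)[1]))
    return ports


def hidden_ports(live_netstat_text, external_ports):
    """Ports open from outside that the local socket table does not show."""
    return sorted(external_ports - parse_netstat_ports(live_netstat_text))


def cross_view_findings(live, raw, netstat_text, external_ports):
    """Combine both checks into a list of findings for an analyst."""
    findings = []
    for name in hidden_files(live, raw):
        if "_" in name:
            note = "hidden file; name contains '_' (matches the Zxshell.B hiding rule)"
        else:
            note = "hidden file"
        findings.append(Finding("file", name, note))
    for port in hidden_ports(netstat_text, external_ports):
        findings.append(Finding("port", str(port),
                                "open externally but absent from local socket table"))
    return findings


if __name__ == "__main__":
    for f in cross_view_findings(LIVE_LISTING, RAW_LISTING,
                                 LIVE_NETSTAT, EXTERNAL_SCAN_PORTS):
        print(f"{f.kind:4} {f.value:16} {f.note}")
```

On a real investigation the "raw" file view would come from an offline mount or a direct volume parser and the external port view from a scanner on another machine; the point of the check is that the hooked driver can only lie to code that runs through the API it has hooked.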

Last update 24 December 2010
