TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_ROOTKIT.DU
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Agent.dpe (Kaspersky), Spy-Agent.bv.dldr (McAfee), Trojan.Pandex (Symantec), Worm/Ntech.Z.2 (Avira), Troj/Agent-GLU (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Low

Distribution potential:

 Low

Description: 

This Trojan may be dropped by other malware. It may arrive bundled with malware packages as a malware component.

This TROJ_ROOTKIT variant is usually used by other malware to hide running processes. Copies of this Trojan may be dropped in the Windows folder as .SYS files with various file names and then registered as a service.

It hides malware processes and other malicious activities on an affected system by modifying the assigned functions in the file NTOSKRNL.EXE, which exists on NT-based platforms. NTOSKRNL.EXE handles basic Windows functions, hence, incorrect modification of this file may cause affected systems to crash.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 4, 2008 10:35:49 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.