Summary
A program or set of programs which hides itself by subverting or evading the computer's security mechanisms, then allows remote users to secretly control the computer's operating system.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Technical Details
Agent.TZ creates the following device object and symbolic link so that Worm:W32/VB.KS (usermode) can open a handle to the driver.
- \Device\hideproc
- \DosDevices\hideproc
It processes the control code sent by Worm:W32/VB.KS so that its process will be hidden from the process list. It uses a Direct Kernel Object Manipulation (DKOM) technique for hiding processes.
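A defender's cross-view check for the DKOM hiding described above, as an added example that is not part of the original description. It assumes the common DKOM approach of unlinking a process object from the kernel's active-process list (the description does not say which structure Agent.TZ edits); the struct layout, PIDs and object pool are constructed stand-ins.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy stand-in for a kernel process object; the layout is hypothetical. */
struct proc {
    int pid;
    struct proc *flink, *blink;          /* active-process list links */
};

/* View 1: is the object reachable by walking the circular list from head? */
static int in_list(const struct proc *head, const struct proc *target) {
    const struct proc *p = head;
    do {
        if (p == target) return 1;
        p = p->flink;
    } while (p != head);
    return 0;
}

/* View 2: visit every object in memory, as a memory scanner would, and
 * record those the list walk misses. Returns the number of hidden objects. */
int find_hidden(const struct proc *head, const struct proc *objs, size_t n,
                int *out) {
    int found = 0;
    for (size_t i = 0; i < n; i++)
        if (!in_list(head, &objs[i]))
            out[found++] = objs[i].pid;
    return found;
}

static struct proc pool[4];
static int hidden_pids[4];

/* Constructed snapshot: four objects exist, but the neighbours of PID 1337
 * link past it while its own links are stale (assumed post-unlink state). */
int scan_sample(void) {
    const int pids[4] = {4, 812, 1337, 1500};
    for (int i = 0; i < 4; i++) pool[i].pid = pids[i];
    pool[0].flink = &pool[1]; pool[1].flink = &pool[3]; pool[3].flink = &pool[0];
    pool[0].blink = &pool[3]; pool[1].blink = &pool[0]; pool[3].blink = &pool[1];
    pool[2].flink = &pool[3]; pool[2].blink = &pool[1];
    return find_hidden(&pool[0], pool, 4, hidden_pids);
}

int main(void) {
    int n = scan_sample();
    for (int i = 0; i < n; i++) printf("hidden pid: %d\n", hidden_pids[i]);
    return 0;
}
```

An object that exists in memory but is missing from the list walk is the discrepancy that cross-view rootkit detection looks for.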