1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Security Threats
  3. Virus Descriptions
  4. Rootkit:W32/Zxshell.B

Rootkit:W32/Zxshell.B

Name : Rootkit:W32/Zxshell.B
Category:Malware
Type:Rootkit
Platform:INF

Summary

Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and basically functions as a protection mechanism for its main payload file.

Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Additional Details

Rootkit:W32/Zxshell.B tries to protect the main payload DLL file by:
  • Hiding files which contains underscore "_" by installing hooks to the file system driver
  • Attempting to hide the tcp port 443
  • Detect if the following security product exist:

  • NOD32
  • AVP
  • 360Safe
  • AVG
  • Avast
  • AhnSD
  • McShield
  • IceSword
The driver can easily crash the system when it fails in its attempt to hook the kernel drivers, for example the ntfs.sys and tcpip.sys.