Rootkit:W32/Zxshell.B tries to protect the main payload DLL file by:
- Hiding files whose names contain an underscore ("_") by installing hooks in the file system driver
- Attempting to hide TCP port 443
- Detecting whether the following security products exist:
The driver can easily crash the system when its attempt to hook kernel drivers such as ntfs.sys and tcpip.sys fails.
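The hiding behaviour above is what a cross-view check is designed to surface: compare what the hooked user-mode path reports (a directory listing, the local socket table) with a view the hook does not control (a raw volume parse, an external port scan) and flag the differences. The following is an added example of that comparison logic, not F-Secure's code; the two views are constructed sample data, and the file names and port numbers other than 443 are assumptions.

```python
"""Cross-view detection of hidden files and a hidden listening port.

Added example (not part of the original description). Both "views" are
constructed inline; in practice the API view would come from a normal
directory listing / netstat, the raw view from a lower-level source that
the rootkit's hooks do not filter.
"""
from dataclasses import dataclass

SUSPECT_PORT = 443  # port Zxshell.B attempts to hide


@dataclass(frozen=True)
class Finding:
    kind: str    # "file" or "port"
    value: str
    reason: str


def hidden_files(api_listing, raw_listing):
    """Entries present in the raw view but absent from the API view."""
    findings = []
    for name in sorted(set(raw_listing) - set(api_listing)):
        reason = "present in raw view, missing from API listing"
        if "_" in name:
            reason += "; name contains '_' (matches the Zxshell.B filter)"
        findings.append(Finding("file", name, reason))
    return findings


def hidden_ports(local_listening, externally_open):
    """Ports reachable from outside but absent from the local socket table."""
    findings = []
    for port in sorted(set(externally_open) - set(local_listening)):
        reason = "open externally, missing from local socket table"
        if port == SUSPECT_PORT:
            reason += "; TCP 443 is the port Zxshell.B tries to hide"
        findings.append(Finding("port", str(port), reason))
    return findings


# Constructed sample views (assumed names; only port 443 comes from the page).
API_FILES = ["notepad.exe", "kernel32.dll"]
RAW_FILES = ["notepad.exe", "kernel32.dll", "svc_host.dll"]
LOCAL_PORTS = [135, 445]
EXTERNAL_PORTS = [135, 443, 445]


def run_check():
    """Run both cross-view comparisons over the sample views."""
    return hidden_files(API_FILES, RAW_FILES) + hidden_ports(LOCAL_PORTS, EXTERNAL_PORTS)


if __name__ == "__main__":
    for f in run_check():
        print(f"{f.kind}: {f.value} -> {f.reason}")
```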