A program or set of programs which hides itself by subverting or evading the computer's security mechanisms, then allows remote users to secretly control the computer's operating system.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
This rootkit will execute on the following operating systems:
- Windows 2000
- Windows XP
- Windows 2003
- Windows Vista
- Windows Vista SP1
It removes the hooked addresses corresponding to the following NT Functions (which are implemented in Ntoskrnl.exe), then restores them to their original values: