
Recommendation to Automatically remove Rootkit.Junk


Our products can remove Rootkit.Junk and thousands of other viruses and spyware automatically and instantly.

Rootkit.Junk Details


  • Category: Rootkit
  • Discovered: 7/1/2009 1:02:59 PM
  • Modified: 2/21/2019 11:42:01 AM
  • Threat Level: Critical
  • Category Description:
    A Rootkit is a collection of tools (programs) that enable administrator-level (root) access to a computer or computer network. A Rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. Rootkits are usually hidden and difficult to clean because they embed themselves deeply within the Registry and system files.

The following Files were created:
VALUE             | FILESIZE | COMPANYNAME    | VERSION       | SIGNATURE                        | Date
tcpip_patcher.sys | 16768    | www.kceasy.com | 5.1.2600.2180 | 77a2847d6c14d77ff2275f1dfdd65aa7 |
AF050F03.EXE      | 124416   |                |               | 7b09d9a5b478ea54f8082377dcc2e54e |
cb95717b.exe      | 124928   |                |               | a5729695efbb4023af7d524379796757 |

The following Registry Entries were created:
..\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run\"qlkjilcf"\"rundll32.exe "%WIN.SYS32%\sechonqp.sys" WLEntryPoint"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"fapkjmlg"\"rundll32.exe %DAS.AU.LS%\Temp\browqhgrm.nls WLEntryPoint"
..\System\CurrentControlSet\Services\hebvvvhz\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mhgbid\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\\"NTInternalSign"\"30013897"
..\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run\"etcjqtgr"\"rundll32.exe "%WIN.SYS32%\perfatorq.dll" WLEntryPoint"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"orqpcfid"\"rundll32.exe %DAS.AU.LS%\Temp\tcpknqp.sys WLEntryPoint"
..\Software\Classes\Clsid\{177D637B-5849-B877-11E2-F9A7B4D01EA5}\(Default)
..\System\CurrentControlSet\Services\iegmovco\(Default)
..\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\napsjmhcnmt\(Default)

Notice
Please note that the following information is not controlled or endorsed by Max Secure Software. It is captured automatically by tools in our malware Research Lab as a result of executing Spyware Files or browsing the Internet in a virtual environment. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Antivirus. We do not recommend browsing or removing these entries manually on your own. We do not provide any warranty regarding the use, or the result of the use, of this information.


Max Total Security can detect & quarantine this Malware