Rootkit Entries
| Name | Filename | Status | Description |
|---|---|---|---|
| PDCOMP | _amdevntas.sys | X | Added by the Trojan-Spy.Win32.Batton.rk spyware and information stealer. Trojan-Spy spies upon user's activity and steals confidential user information. |
| lololol | _hideme_imhiddenlololol.exe | X | Added by the Troj/Hideme-A Trojan. This infection is hidden by the rootkit file C:\_hideme_MYFILE.SYS. |
| Print Spooler Service | <random file name>.exe | X | Added by the Troj/HacDef-DJ backdoor Trojan and rootkit. |
| DER005 | <random filename> | X | Added by the Troj/Hackvan-B Trojan rootkit. |
| XRW005 | <random filename> | X | Added by the Troj/Hackvan-B Trojan rootkit. |
| System SSDP Services | <random letters>.sys | X | Added by the Troj/Pardot-A rootkit. |
| pe386 | <random number> | X | Added by the Backdoor.Rustock.A backdoor Trojan. This infection uses Alternate Data Streams and rootkit technology to hide itself and the service entry. |
| 3klagia | 3klagia.dll | X | Added by the Backdoor.Rustock backdoor rootkit. |
| 4fdw | 4fdw.dll | X | Added by the Backdoor.Rustock backdoor rootkit. |
| 63cica | 63cica.sys | X | Added by a variant of the Troj/NTRootK-CL rootkit. |
| accctsggw | accctsggw.cat | X | Added by the Backdoor.Rustock backdoor rootkit. |
| agehhtd | agehhtd.cat | X | Added by the Backdoor.Rustock backdoor rootkit. |
| <unknown> | agpbrdg5.sys | X | Added by a variant of Troj/Haxdor-Gen. |
| aiqpbter | aiqpbter.chm | X | Added by the Backdoor.Rustock backdoor rootkit. |
| alcom | alcom.sys | X | A variant of the Haxdoor rootkit. |
| alcop server | alcop.sys | X | Added by a variant of the Goldun.Fam rootkit. |
| apcdli | apcdli.sys | X | Added by the Mal/RootKit-A rootkit. |
| Network Control Manager | aries.sys | X | Added by the Sony/XCP DRM Rootkit. This file is the actual rootkit driver for the Sony DRM application. |
| <Unknown> | armdvc.sys | X | Added by a variant of the Goldun.Fam rootkit. |
| ARM TSL device | armdvc.sys | X | Added by a variant of the Troj/Haxdor-Gen rootkit. |
| ARM FDCG850 device | armrfc.sys | X | Added by a variant of the Goldun rootkit. |
| <unknown> | arprmdg5.sys | X | A variant of the HaxDoor rootkit. |
| asc355 | asc355.sys | X | A variant of the TROJ_AGENT.AAND rootkit. |
| asc3550o | asc3550o.sys | X | Identified as a variant of the Trojan.Rootkit.Agent rootkit. |
| asc355O | asc355O.sys | X | Identified as the Trojan.Rootkit.Agent.NCY rootkit. |
| DirectSound KDriver | asplg.sys | X | Added by a variant of the Goldun.Fam rootkit. |
| <unknown> | asusrx25.sys | X | Variant of the Troj/Haxdor-Fam rootkit. |
| Object memory mapping 8.0 | ati2ksag.sys | X | Added by a variant of the Goldun.Fam rootkit. |
| Object memory mapping 8.0 | ati2kstg.sys | X | A variant of the Haxdoor rootkit. |
| Object memory mapping 8.0 | ati2psag.sys | X | Added by a variant of the Goldun.Fam rootkit. |