Also known as:
- Avira TR/Agent.765952.26
- AVP Rootkit.Win32.Bubnix.ft
- Kaspersky Lab Rootkit.Win32.Bubnix.bbr
- Microsoft Trojan:WinNT/Bubnix.gen!A
Windows users
How to get rid of it:
Please follow the instructions for removing generically detected files to delete the file from your computer.
About this threat:
Mal/Bubnix-B is a Trojan with rootkit behavior. This means that it is usually dropped by other malware and then hides itself from users by modifying registry keys. This Trojan is also protected with a rogue packer to prevent it from being analyzed or detected by anti-virus software.
When executed, this Trojan creates a file:
merrrbhm.sys (or random name)
It also creates the following registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\<sys file name>
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip
more @ http://www.sophos.com/security/threat-spotlight/index.html#threat1