Rootkit

What is “VirTool:WinNT/Rootkitdrv.CD”?

Malware Removal

VirTool:WinNT/Rootkitdrv.CD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the VirTool:WinNT/Rootkitdrv.CD virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify VirTool:WinNT/Rootkitdrv.CD?

File Info:

name: 3448B199FDDB8B000E58.mlw
path: /opt/CAPEv2/storage/binaries/4b5f645c9dc3cf44f49ade78602b0b659ee721d4811610467373d8cfacd907c1
crc32: 84AB3A3B
md5: 3448b199fddb8b000e58566c9f9a2cb5
sha1: d6e45e5b4bd2c963cf16b40e17cdd7676d886a8a
sha256: 4b5f645c9dc3cf44f49ade78602b0b659ee721d4811610467373d8cfacd907c1
sha512: e2801e0105a49c60cd7afa482c62cd98721b4e0407292f4e0e1c4f55ae6680c98abf27cba4e05494f14632e48e231ea60d0a17c5fa3a256066f6e66be7a12128
ssdeep: 384:sia9Uyo0qwbAvYiEW8LFXteAm1zk3fOX9:sia9LMvYiqcnEy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T122921781B5F50467D9A701B0BFB53225C0BBBBA90A33876DDB405DCA6C1C648F9A8F47
sha3_384: 8db459199713fbf9d823d473b6266a03a06fda3ad93e47689b42574a51b6bb944e15b1ed1714c5f068a1f9e50f420713
ep_bytes: 558bec83ec1056578b7d08b8ac040100
timestamp: 2006-05-17 08:49:38

Version Info:

0: [No Data]

VirTool:WinNT/Rootkitdrv.CD also known as:

Lionic: Trojan.Win32.Agent.5!c
MicroWorld-eScan: Trojan.NTRootK.BC
FireEye: Trojan.NTRootK.BC
Skyhigh: PWS-Gogo.a.sys
McAfee: PWS-Gogo.a.sys
Cylance: unsafe
Zillya: Rootkit.Agent.Win32.10623
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: VirTool:Win32/Rootkitdrv.20233cef
K7GW: Riskware ( 0040eff71 )
VirIT: Backdoor.Win32.Generic.NNN
Symantec: Hacktool.Rootkit
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Rootkit.Agent.DG
Kaspersky: Rootkit.Win32.Agent.dg
BitDefender: Trojan.NTRootK.BC
NANO-Antivirus: Trojan.Win32.Agent.cxcbtb
Avast: Win32:Agent-ENT [Rtk]
Tencent: Win32.Rootkit.Agent.Kqil
Sophos: Troj/NTRootK-BC
F-Secure: Trojan.TR/Rootkit.Gen
DrWeb: Trojan.NtRootKit.552
VIPRE: Trojan.NTRootK.BC
TrendMicro: RTKT_AGENT.YTEV
Emsisoft: Trojan.NTRootK.BC (B)
Ikarus: Rootkit.Win32.Agent
GData: Trojan.NTRootK.BC
Jiangmin: Rootkit.Vanti.aat
Webroot: Vir.Tool.Gen
Google: Detected
Avira: TR/Rootkit.Gen
Varist: W32/Rootkit.FWDU-6665
Antiy-AVL: Trojan[Rootkit]/Win32.Agent
Kingsoft: malware.kb.a.996
Xcitium: TrojWare.Win32.Rootkit.Agent.DG@3czt
Arcabit: Trojan.NTRootK.BC
ZoneAlarm: Rootkit.Win32.Agent.dg
Microsoft: VirTool:WinNT/Rootkitdrv.CD
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Xema.C279050
ALYac: Trojan.NTRootK.BC
MAX: malware (ai score=100)
VBA32: TScope.Malware-Cryptor.SB
Panda: Rootkit/Gogo.A
TrendMicro-HouseCall: RTKT_AGENT.YTEV
Rising: Rootkit.Generic!8.7D6 (TFE:2:N2kCIy1TFVK)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.689072.susgen
Fortinet: W32/Agent.DG!tr
AVG: Win32:Agent-ENT [Rtk]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove VirTool:WinNT/Rootkitdrv.CD?

VirTool:WinNT/Rootkitdrv.CD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.