Rootkit

Should I remove “VirTool:WinNT/Rootkitdrv.HZ”?

Malware Removal

VirTool:WinNT/Rootkitdrv.HZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the VirTool:WinNT/Rootkitdrv.HZ virus do?

  • Sample contains Overlay data
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify VirTool:WinNT/Rootkitdrv.HZ?

File Info:

name: A137CD2A1A4D7DEB160C.mlw
path: /opt/CAPEv2/storage/binaries/544d613d3ef51d0a49d5194da303b7ae3429c76b776cced699c7b1c751bd4459
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2009-12-30 13:25:41

Version Info:

0: [No Data]

VirTool:WinNT/Rootkitdrv.HZ also known as:

Bkav: W32.AIDetectMalware
Lionic: Hacktool.Win32.Backex.3!c
Elastic: malicious (high confidence)
DrWeb: Tool.Siggen.6994
MicroWorld-eScan: Trojan.GenericKD.71633159
FireEye: Generic.mg.a137cd2a1a4d7deb
CAT-QuickHeal: Trojan.MauvaiseRI.S5255645
Skyhigh: BehavesLike.Win32.Sdbot.dc
McAfee: GenericRXFP-LP!A137CD2A1A4D
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Exploit ( 004c3bdc1 )
Alibaba: Exploit:Win32/CVE-2011-2005.cfd21eb9
K7GW: Exploit ( 004c3bdc1 )
Cybereason: malicious.a1a4d7
VirIT: HackTool.Win32.Backex.D
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Exploit.CVE-2011-2005.A
APEX: Malicious
TrendMicro-HouseCall: TROJ_SPNR.02AR14
ClamAV: Win.Trojan.Hacktool-96
Kaspersky: HackTool.Win32.Backex.d
BitDefender: Trojan.GenericKD.71633159
NANO-Antivirus: Riskware.Win32.TrjGen.dscqec
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.117efa8a
Emsisoft: Trojan.GenericKD.71633159 (B)
F-Secure: Heuristic.HEUR/AGEN.1340839
Baidu: Win32.Exploit.CVE-2011-2005.b
Zillya: Tool.Backex.Win32.3
TrendMicro: TROJ_SPNR.02HQ13
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: VirTool.Winnt.Rootkitdrv
Jiangmin: HTool.Agent.bfb
Google: Detected
Avira: HEUR/AGEN.1340839
Varist: W32/Hacktool.B.gen!Eldorado
Antiy-AVL: HackTool/Win32.Backex
Kingsoft: Win32.HackTool.Backex.d
Microsoft: VirTool:WinNT/Rootkitdrv.HZ
Xcitium: Malware@#2qrzdidkm8lqf
Arcabit: Trojan.Generic.D4450907
ZoneAlarm: HackTool.Win32.Backex.d
GData: Trojan.GenericKD.71633159
Cynet: Malicious (score: 100)
AhnLab-V3: Win-AppCare/Hacktool.49152.C
VBA32: Exploit.CVE-2011-1249
ALYac: Trojan.GenericKD.71633159
MAX: malware (ai score=94)
Malwarebytes: RiskWare.HackTool
Panda: Trj/CI.A
Rising: Exploit.CVE-2011-2005!8.2019 (TFE:5:NLHx7QbbdkD)
Yandex: HackTool.Backex!LpM3k/1IxxI
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Generic.AC.236B0E!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)
alibabacloud: Trojan.Win.UnkAgent

How to remove VirTool:WinNT/Rootkitdrv.HZ?

VirTool:WinNT/Rootkitdrv.HZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
