NETHOST.SYS – Rootkit ZeroAccess

NETHOST.SYS – Rootkit ZeroAccess removal

File         MD5                               Virus Alias
NETHOST.SYS  e33f2db4c4bcf6d92db4dc3db8f16e21  Rootkit ZeroAccess
NETHOST.SYS  e33f2db4c4bcf6d92db4dc3db8f16e21  Trojan SuspiciousFile
NETHOST.SYS  e33f2db4c4bcf6d92db4dc3db8f16e21  Trojan Artemis
NETHOST.SYS  e33f2db4c4bcf6d92db4dc3db8f16e21  Trojan Generic

NETHOST.SYS size: 39936 bytes
NETHOST.SYS hash: E33F2DB4C4BCF6D92DB4DC3DB8F16E21

Created files:

%SysDir%\drivers\nethost.sys

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\nethost\Type: 01000000
HKLM\System\CurrentControlSet\Services\nethost\DisplayName: Network services host process
HKLM\System\CurrentControlSet\Services\nethost\ImagePath: %WinDir%\System32\drivers\nethost.sys
HKLM\System\CurrentControlSet\Services\nethost\_PYALOAD: \??\%WinDir%\System32\DLL61.tmp
HKLM\System\CurrentControlSet\Services\nethost\_DEL: \??\845C83E79EA45B232D91CA8E381F51FD.EXE

Detected by UnHackMe:

NETHOST.SYS
Default location: %SYSDIR%\DRIVERS\NETHOST.SYS

Dropper information:
MD5: 845c83e79ea45b232d91ca8e381f51fd
File size: 192000 bytes
