Rootkits

Win32/Rootkit.Avatar

Win32/Rootkit.Avatar is a rootkit that uses a driver-infection method twice: first in the dropper, to evade detection by HIPS, and second in the rootkit driver, to survive a reboot. The infection method is constrained by the code-signing policy for kernel-mode modules, so Win32/Rootkit.Avatar functions only on x86 systems. The Win32/Rootkit.Avatar driver is not stored on the hard drive; it is loaded using the same code used in the MS11-080 exploitation technique to execute the driver. Loading the Win32/Rootkit.Avatar driver by infecting a system driver is effective at evading security applications, and it lets the rootkit load other kernel-mode modules from a ‘trusted’ (but compromised) system driver. Because Win32/Rootkit.Avatar does not store its files in the standard file system, and because of its driver-infection method, the usual forensic approaches are more complicated…

Posted by GoldSparrow in Rootkits

MBR:Alureon-L

MBR:Alureon-L is a rootkit that creates its own file system in the boot sector and conceals itself there. The installation also writes a corresponding Master Boot Record so that the rootkit loads whenever the PC is powered on. The malicious file system is loaded before the legitimate one that hosts the user's operating system. While remaining outside the genuine file system, MBR:Alureon-L protects other threats stored within its own. The protected components execute payloads that may vary. MBR:Alureon-L contains many malicious components that allow it to conceal itself on the compromised PC; as a result, MBR:Alureon-L is hard for many security tools to find and remove from the targeted system….

Posted by LoneStar in Rootkits

BDS/ZAccess.AL

BDS/ZAccess.AL is a rootkit that can easily install itself on a vulnerable computer and then run undetected in the background. BDS/ZAccess.AL disguises itself in the system kernel. BDS/ZAccess.AL may block the installation of other applications, including anti-virus software. BDS/ZAccess.AL is hard for numerous security applications to find and eliminate. Improper removal of BDS/ZAccess.AL from the infected computer can damage important system components. BDS/ZAccess.AL can restore itself on the affected PC after a removal attempt….

Posted by Domesticus in Rootkits

ZeroAccess.hi

ZeroAccess.hi is a variant of the kernel-mode ZeroAccess rootkit, which can compromise an entire network of computers. ZeroAccess.hi infiltrates targeted computers through system vulnerabilities, drive-by downloads, freeware applications, spam email attachments and many other ways. ZeroAccess.hi hides itself from security applications to avoid detection and removal from the infected PC. ZeroAccess.hi may block legitimate applications from running or slow the computer down. ZeroAccess.hi may also redirect the compromised web browser to dubious websites….

Posted by JubileeX in Rootkits

Rootkit.Win32.Necurs.gen

Rootkit.Win32.Necurs.gen is a rootkit that serves other computer infections. Rootkit.Win32.Necurs.gen interferes with system processes and with the processes of other software, especially when they attempt to manipulate the components of the malware Rootkit.Win32.Necurs.gen is instructed to protect. Rootkit.Win32.Necurs.gen terminates anti-malware and security tools that try to stop and delete fake security programs such as Win 8 Security System. Rootkit.Win32.Necurs.gen enters the compromised PC surreptitiously and hides itself on the affected machine. Rootkit.Win32.Necurs.gen is hard for many anti-virus programs to find and eliminate….

Posted by ESGI Advisor in Rootkits

Win32:Necurs-E

Win32:Necurs-E is a Trojan dropper that belongs to a malware family that has been infecting PCs since 2011. Win32:Necurs-E is notable because it uses rootkit techniques to prevent detection and removal of itself and of the malware that it installs on the victim’s computer. One of the main consequences of a Win32:Necurs-E infection is the malfunction of legitimate security software installed on the infected computer. This is because Win32:Necurs-E and the malware associated with this Trojan dropper tend to interfere with legitimate security software in order to protect themselves from removal.

If you suspect that your computer has been exposed to Win32:Necurs-E or to any other malware in the Necurs family, ESG security researchers strongly advise scanning your hard drives with a reliable, fully up-to-date anti-malware scanner. To ensure that…

Posted by Domesticus in Rootkits

SVC:MBAMSwissArmy Rootkit

SVC:MBAMSwissArmy is a rootkit that modifies a genuine file named mbamswissarmy.sys and thereby corrupts the main application. SVC:MBAMSwissArmy Rootkit loads automatically whenever the corrupted application is run. SVC:MBAMSwissArmy Rootkit disguises itself on the affected machine by attaching its own code to original Windows system files. SVC:MBAMSwissArmy Rootkit may be hard to find and uninstall from the compromised PC. SVC:MBAMSwissArmy Rootkit typically uses network exploits to invade the targeted computer system….

Posted by GoldSparrow in Rootkits

BDS/ZAccess.V

BDS/ZAccess.V is a dangerous rootkit threat that can easily install on a computer and then run undetected in the background. BDS/ZAccess.V may prevent the installation of other programs, including antivirus applications. A system infected with BDS/ZAccess.V could be susceptible to remote attacks in which cybercrooks steal data from the system or load other malware threats. Removal of BDS/ZAccess.V is usually performed successfully with an antimalware application that has rootkit removal capabilities….

Posted by Domesticus in Rootkits

Crisis

ESG security researchers have received multiple reports of a dangerous cross-platform rootkit infection known as Crisis. This rootkit, also detected as Morcut by some security programs, can attack computers running Mac OS X as well as various versions of Windows. The main way Crisis spreads from computer to computer is by disguising itself as a fake installer for Adobe’s Flash Player. Crisis has been active since July of 2012 and is used to monitor online traffic on the infected computer. Crisis can also keep a record of instant messaging activity and even record conversations on Skype and other VoIP applications! One of the reasons Crisis has caught the attention of PC security researchers is that it can apparently also spread to virtual machines, which is quite rare.

Crisis is Designed to Infect Numerous Platforms, Including Virtual Machines!

Most of the…

Posted by Sumo3000 in Rootkits

Rootkit.Boot.STT.a

Rootkit.Boot.STT.a is a dangerous rootkit that may be able to evade detection while it runs in the background. Rootkit.Boot.STT.a may also block applications from being installed. Rootkit.Boot.STT.a may also open outbound connections to remote servers that instruct the threat to carry out specific actions. Removing Rootkit.Boot.STT.a may be accomplished with an advanced antispyware application….

Posted by ESGI Advisor in Rootkits
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.