Rootkit.Boot.Pihar.c

By LoneStar in Rootkits

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 29
First Seen: August 6, 2012
Last Seen: March 22, 2023
OS(es) Affected: Windows

Rootkit.Boot.Pihar.c is a rootkit that could cause an infected PC to restart at random and load malicious code, leaving the system unresponsive to normal functions. Other side effects associated with Rootkit.Boot.Pihar.c can make a PC unstable and potentially cause it to crash. Rootkit.Boot.Pihar.c may go undetected for long periods of time, during which the system may stall or freeze up. Rootkit.Boot.Pihar.c may also put data at risk of being stolen from a remote source.

File System Details

Rootkit.Boot.Pihar.c may create the following file(s):
1. %System%\drivers\[RANDOM CHARACTERS].sys
2. C:\WINDOWS\system32\[random name].dll
3. %Temp%\[random]

Registry Details

Rootkit.Boot.Pihar.c may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'

URLs

Rootkit.Boot.Pihar.c may call the following URLs:

foblue.com/?q=
