
WIN32:MBRootkit

By Domesticus in Rootkits

Threat Scorecard

Ranking: 6,789
Threat Level: 80 % (High)
Infected Computers: 970
First Seen: December 14, 2011
Last Seen: September 15, 2023
OS(es) Affected: Windows

WIN32:MBRootkit is a hazardous rootkit that is bundled with free, otherwise genuine program downloads without the knowledge of the program's publisher or of the person distributing it. Once WIN32:MBRootkit is installed on the affected computer, it writes itself directly into the Master Boot Record. From there WIN32:MBRootkit claims the same privileges as the legitimate operating system and sets up its own hooks that interfere with the system installed on the computer to serve the user. WIN32:MBRootkit intercepts the incoming and outgoing data of browsers on the infected machine, and that data is inspected to harvest confidential information such as passwords, user names, etc. You need to uninstall WIN32:MBRootkit as soon as possible.

Registry Details

WIN32:MBRootkit may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\ah
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
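The entries above are an .exe file-association hijack: the per-user `.exe` extension key is pointed at a new ProgID (`ah`) whose open command runs a launcher in `%LocalAppData%` in front of every program the user starts. The following PowerShell function is an added audit example, not code from the threat database entry, that walks the same chain on a live system. It assumes a stock Windows install, where `.exe` maps to the `exefile` ProgID and the open command is exactly `"%1" %*`, and reports any deviation; `Get-ExeAssociationFindings` is a name chosen here.

```powershell
# Added example: audit the .exe file-association chain for hijack indicators.
# Assumes a stock Windows mapping (.exe -> exefile, open command "%1" %*).
function Get-ExeAssociationFindings {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    # Keep %LocalAppData% and similar references unexpanded so the raw value is reported.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $cleanCommand = '"%1" %*'
    # HKCR is a merged view; HKCU\Software\Classes wins over HKLM, so check both roots.
    $roots = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes',
        'Registry::HKEY_CLASSES_ROOT'
    )

    # Read one value from a key (name '' is the "(Default)" value); $null if absent.
    function Read-RawValue([string]$keyPath, [string]$name) {
        if (-not (Test-Path -LiteralPath $keyPath)) { return $null }
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { return $null }
        return $key.GetValue($name, $null, $noExpand)
    }

    function Add-Finding([string]$path, [string]$name, $data, [string]$reason) {
        $findings.Add([PSCustomObject]@{
            Key = $path; Value = $name; Data = $data; Reason = $reason
        })
    }

    foreach ($root in $roots) {
        $extKey = "$root\.exe"
        if (-not (Test-Path -LiteralPath $extKey)) { continue }

        # 1. The extension key's default value names the ProgID; anything but exefile is suspect.
        $progId = Read-RawValue $extKey ''
        if ($progId -and $progId -ne 'exefile') {
            Add-Finding $extKey '(Default)' $progId "ProgID for .exe is not 'exefile'"
        }

        # 2. A launcher placed directly under .exe\shell\open\command (stock Windows has no such key).
        $extCmdKey = "$extKey\shell\open\command"
        $extCmd = Read-RawValue $extCmdKey ''
        if ($extCmd) {
            Add-Finding $extCmdKey '(Default)' $extCmd 'Open command set directly on the .exe extension key'
        }

        # 3. Follow the ProgID and check what actually runs when a program is opened.
        $target = if ($progId) { $progId } else { 'exefile' }
        $cmdKey = "$root\$target\shell\open\command"
        foreach ($valueName in @('', 'IsolatedCommand')) {
            $cmd = Read-RawValue $cmdKey $valueName
            if ($cmd -and ([string]$cmd).Trim() -ne $cleanCommand) {
                $label = if ($valueName -eq '') { '(Default)' } else { $valueName }
                Add-Finding $cmdKey $label $cmd "Launch command is not $cleanCommand"
            }
        }
    }
    return $findings
}

$results = Get-ExeAssociationFindings
if ($results.Count -eq 0) {
    'No .exe association hijack indicators found.'
} else {
    $results | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session so both roots are readable. Because the per-user `HKCU\Software\Classes` branch overrides the machine-wide one in the merged `HKCR` view, a hijack of this kind does not need administrative rights to take effect, which is why the check covers the user hive first. Remediation consists of deleting the rogue ProgID key and the per-user `.exe` override so that the machine-wide `exefile` mapping applies again, after the launcher in `%LocalAppData%` has been removed.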
