epvp is not responsible if you screwup your computer!
Credits : quybao, rapuser mpc
This program patches Windows API to hide certain objects from being listed.
Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons
Configuring a computer with the rootkit is simple...
1. Create a new folder with a uniqiue name i.e. "c:\winnt\rewt\"
2. In this folder place the root.exe i.e. "c:\winnt\rewt\root.exe"
3. Execute root.exe with the "/i" parameter i.e. "start c:\winnt\rewt\root.exe /i"
4. Inside this folder place any other programs or files.
Everything inside the root folder is now invisible! If you place other services or programs
in the root folder they will be invisible from process/file/dll/handle/socket/etc listing.
However, all programs in the root folder can see each other.
Registry value names are hidden differently from everything else. The name must begin with the
root folder name followed by "\" and other characters i.e. "rewt\hiddenstartup1".
Also, the root folder is unique throughout the system. This means "c:\rewt\", "c:\winnt\rewt\"
and "c:\winnt\system32\rewt\" all will be hidden because they all share the root folder name "rewt".
So make sure you pick a good name!
NOTE: Most RATs have an install method that involves copying the EXE to a system folder, this is bad
because if the process is executed from outside the root folder it will be visible! If possible
disable this startup method.
Removal: Don't ask me for help on this! If you install it on yourself make sure you know how to remove it!
Method 1
1. Run the root.exe with the "/u" parameter
2. Delete all the files associated with it
3. Reboot
Method 2
1. Boot into safe mode
2. Locate the root folder name( in our case C:/winnt/rewt)
3. Delete all the files associated with it
4. Reboot
*CAUTION* This rootkit is harmful to some computers, but is working and unharmful to others.
Download from ..
[Only registered and activated users can see links. Click Here To Register...]
epvp is not responsible if you screwup your computer!
Credits : quybao, rapuser mpc
This program patches Windows API to hide certain objects from being listed.
Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons
Configuring a computer with the rootkit is simple...
1. Create a new folder with a uniqiue name i.e. "c:\winnt\rewt\"
2. In this folder place the root.exe i.e. "c:\winnt\rewt\root.exe"
3. Execute root.exe with the "/i" parameter i.e. "start c:\winnt\rewt\root.exe /i"
4. Inside this folder place any other programs or files.
Everything inside the root folder is now invisible! If you place other services or programs
in the root folder they will be invisible from process/file/dll/handle/socket/etc listing.
However, all programs in the root folder can see each other.
Registry value names are hidden differently from everything else. The name must begin with the
root folder name followed by "\" and other characters i.e. "rewt\hiddenstartup1".
Also, the root folder is unique throughout the system. This means "c:\rewt\", "c:\winnt\rewt\"
and "c:\winnt\system32\rewt\" all will be hidden because they all share the root folder name "rewt".
So make sure you pick a good name!
NOTE: Most RATs have an install method that involves copying the EXE to a system folder, this is bad
because if the process is executed from outside the root folder it will be visible! If possible
disable this startup method.
Removal: Don't ask me for help on this! If you install it on yourself make sure you know how to remove it!
Method 1
1. Run the root.exe with the "/u" parameter
2. Delete all the files associated with it
3. Reboot
Method 2
1. Boot into safe mode
2. Locate the root folder name( in our case C:/winnt/rewt)
3. Delete all the files associated with it
4. Reboot
*CAUTION* This rootkit is harmful to some computers, but is working and unharmful to others.
Code:
[LEFT]File: AFXRootkit2005.zip Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 951c425aaff52d764d8ed89839155254 Packers Detected: - Scan Results AntiVir: Found Trojan/Hider.C ArcaVir: Found Trojan.Hider.C Avast: Found Win32:Hider AVG Antivirus: Found Generic.FI BitDefender: Found Trojan.Hider.C ClamAV: Found Nothing Dr. Web: Found Trojan.AFX F-Prot Antivirus: Found W32/AFXrootkit.D Fortinet: Found W32/Hider.C-tr Kaspersky Anti-Virus: Found Trojan.Win32.Hider.c NOD32: Found Win32/Hider.C Norman Virus Control: Found Nothing UNA: Found Trojan.Win32.Hider VBA32: Found Trojan.Win32.Hider.c Source: [URL="http://virusscan.jotti.org/"]Jotti's Virusscan[/URL][/LEFT]
[Only registered and activated users can see links. Click Here To Register...]
epvp is not responsible if you screwup your computer!