Fighting Spyware, Malware and Adware one File at a Time.
AFX Windows Rootkit 2003

Overview

Vendor Description

From the doc: 'AFX Windows Rootkit 2003
This software generates a system patch that will hide processes, files, folders, registry keys and netstat entries from Windows 95/98/ME/NT/2k/XP/2003. Information is withheld based on 4 lists of mask strings. This enables you to apply wildcards to hiding functions such as hiding files based on "*.exe" or netstat entries based on "*TCP*:80*" to hide http traffic.
The "example.exe" include is preconfigured to hide all processes/files and keys matching "~~*" and all "*TCP*" traffic. The installer copies itself to the system directory and extracts 2 DLL files from its resources. It saves the files as "iexplore.exe" and "explorer.exe". The first dll is loaded into "explorer.exe" which then installs hooks contained in "explorer.dll".
To configure a custom rootkit run "RootKit.exe" and click "Help" and make sure to compress your installer!
Aphex'

Alias

AFXrootkit [McAfee], Bck/Ratsou.A [Panda], Trojan Horse [Panda], Trojan.Win32.Delf.m [Kaspersky], Trojan.Win32.Madtol.a, Trojan.Win32.Madtol.a [Kaspersky], Win32.Afrootix [Computer Associates], Win32/Afrootix!Trojan [Computer Associates], Win32/Madtol.A trojan [Eset]

Category

 Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it.

Backdoor:  A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of break-ins to machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account, which the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.


Origins


Author

 Aphex

Others By This Author

AFX File Lace · AFX Tunneld · Aphex Command Line Tools · Aphex's FireWall Bypassing FTP Server with Screen Capture 1.0 · Aphex's Packet Sniffer · Aphex's Packet Sniffer 0.2.0 · Aphex's Packet Sniffer 0.3.1 · Aphex's Packet Sniffer 0.3.2 · Aphex's Packet Sniffer 0.3.3 · Aphex's Polymorphic Web Downloader · Aphex's Web Downloader · Aphex's Web Downloader 0.3.0 Lite · Aphex's Web Downloader 0.4.0 Lite · Aphex's Web Downloader 0.6.0 Lite · Aphex's Web Downloader 0.7.0 Lite · File Nail · Institution · Institution 1.0 · Institution 1.1 · Institution FWB 1.1 · Institution FWB 1.2 · Institution Open · Institution Open 0.1.1 · Kuang2 Web Updater · Kuang2 Web Updater 1.0 · Kuang2 Web Updater 1.1 · LAN Sniffer 1.0 · Lite-SOCKS · Micro Bot 1.0 · Polymorphic Downloader · Polymorphic Downloader 2.0 · Polymorphic Downloader 3.0 · Polymorphic Web Downloader Generator 1.0 · Remote AOL Password Cracker 2.0 · Sinister Uploader 1.0 · Socks4 Proxy 1.0 · Streaming Audio Trojan 1.0 · Tiny Uploader · TrojanDropper.Win32.AphexLace.b · TrojanDropper.Win32.Delf.ae · TrojanSpy.Win32.Delf.bf · Tunneld 2.0 · WebDownloader · WebDownloader 0.1 · WebDownloader 0.2 · WebDownloader 0.3 · WebDownloader 0.5.0 Lite · WebDownloader 1.0 · WebDownloader 2.0 · WebDownloader Illwill 1.0 · WebDownloader Mini-web 1.0 · WebDownloader Mini-web 2.0

Programming Language

 Delphi

Date of Origin

 April, 2003

Detection and Removal

Manual Removal

Follow these steps to remove AFX Windows Rootkit 2003 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, so that a mistake during removal can be undone.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Files:

Remove these files (if present) with Windows Explorer:



2006 © Copyright DatabaseofSpyware.com. All rights reserved.
Another Proud Thor Schrock Development