eetvpn.sys - Dangerous
%sysdir%\eetvpn.sys
Manual removal instructions:
Antivirus Report of %sysdir%\eetvpn.sys:
%sysdir%\eetvpn.sys
eetvpn.sys is rootkit BKDR_HAXDOOR.KG.
eetvpn.sys opens a back door on random TCP port.
eetvpn.sys is used to hide files, processes and registry.
eetvpn.sys is a kernel mode rootkit.
Rootkit injects itself into the winlogon.exe process.
Rootkit injects itself into the explorer.exe process.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\eetvpn.dll
%SysDir%\eetvpn.sys
%SysDir%\eexvpn.sys
%SysDir%\qo.dll
%SysDir%\qo.sys
%SysDir%\KGCTINI.DAT
%SysDir%\LPS.DAT
eexvpn.sys is created new system drivers:
service name: " eexvpn"
display name: " "MCRT accelerator"
Adds the value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eexvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eetvpn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Winlogon\Notify\eetvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Minimal\eexvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Network\eexvpn.sys
to the Windows startup registry keys.
Added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List
%Windows%\Explorer.exe = "%Windows%\Explorer.exe:*:Enabled:explorer"
HKEY_CURRENT_USER\Software\RIT\The Bat!
| %sysdir%\eetvpn.sys | Malware |
| %sysdir%\eetvpn.sys | Dangerous |
| %sysdir%\eetvpn.sys | High Risk |
eetvpn.sys opens a back door on random TCP port.
eetvpn.sys is used to hide files, processes and registry.
eetvpn.sys is a kernel mode rootkit.
Rootkit injects itself into the winlogon.exe process.
Rootkit injects itself into the explorer.exe process.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\eetvpn.dll
%SysDir%\eetvpn.sys
%SysDir%\eexvpn.sys
%SysDir%\qo.dll
%SysDir%\qo.sys
%SysDir%\KGCTINI.DAT
%SysDir%\LPS.DAT
eexvpn.sys is created new system drivers:
service name: " eexvpn"
display name: " "MCRT accelerator"
Adds the value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eexvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eetvpn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Winlogon\Notify\eetvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Minimal\eexvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Network\eexvpn.sys
to the Windows startup registry keys.
Added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List
%Windows%\Explorer.exe = "%Windows%\Explorer.exe:*:Enabled:explorer"
HKEY_CURRENT_USER\Software\RIT\The Bat!
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.