eetvpn.sys - Dangerous

%sysdir%\eetvpn.sys

Manual removal instructions:

Antivirus Report of %sysdir%\eetvpn.sys:
%sysdir%\eetvpn.sys Malware
%sysdir%\eetvpn.sysDangerous
%sysdir%\eetvpn.sysHigh Risk
%sysdir%\eetvpn.sys
eetvpn.sys is rootkit BKDR_HAXDOOR.KG.
eetvpn.sys opens a back door on random TCP port.
eetvpn.sys is used to hide files, processes and registry.
eetvpn.sys is a kernel mode rootkit.
Rootkit injects itself into the winlogon.exe process.
Rootkit injects itself into the explorer.exe process.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\eetvpn.dll
%SysDir%\eetvpn.sys
%SysDir%\eexvpn.sys
%SysDir%\qo.dll
%SysDir%\qo.sys
%SysDir%\KGCTINI.DAT
%SysDir%\LPS.DAT

eexvpn.sys is created new system drivers:
service name: " eexvpn"
display name: " "MCRT accelerator"


Adds the value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eexvpn

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eetvpn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Winlogon\Notify\eetvpn

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Minimal\eexvpn.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Network\eexvpn.sys
to the Windows startup registry keys.

Added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List
%Windows%\Explorer.exe = "%Windows%\Explorer.exe:*:Enabled:explorer"

HKEY_CURRENT_USER\Software\RIT\The Bat!

Remove eetvpn.sys now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.