msctl32.dll - Dangerous
%sysdir%\msctl32.dll
Manual removal instructions:
Antivirus Report of %sysdir%\msctl32.dll:
%sysdir%\msctl32.dll
MSCTL32.DLL is rootkit Backdoor.Rustock.
MSCTL32.DLL opens a back door on random TCP port.
MSCTL32.DLL is used to hide files, processes and registry.
MSCTL32.DLL is a kernel mode rootkit.
Rootkit injects itself into the winlogon.exe process.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\drivers\I386P.SYS
%SysDir%\MSCTL32.DLL
I386P.SYS is created new system drivers:
service name: " wincom32"
Adds the value:
"Asynchronous" = "1"
"DllName" = "[NAME_OF_TROJAN_DLL].DLL"
"Impersonate" = "0"
"Startup" = "Startup"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\msctl32.dll
to the Windows startup registry keys.
| %sysdir%\msctl32.dll | Malware |
| %sysdir%\msctl32.dll | Dangerous |
| %sysdir%\msctl32.dll | High Risk |
MSCTL32.DLL opens a back door on random TCP port.
MSCTL32.DLL is used to hide files, processes and registry.
MSCTL32.DLL is a kernel mode rootkit.
Rootkit injects itself into the winlogon.exe process.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\drivers\I386P.SYS
%SysDir%\MSCTL32.DLL
I386P.SYS is created new system drivers:
service name: " wincom32"
Adds the value:
"Asynchronous" = "1"
"DllName" = "[NAME_OF_TROJAN_DLL].DLL"
"Impersonate" = "0"
"Startup" = "Startup"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\msctl32.dll
to the Windows startup registry keys.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.