ndisfilter.sys - Dangerous
Antivirus Report of %sysdir%\ndisfilter.sys:
ndisfilter.sys is the rootkit Proxy-ProxList.sys.
ndisfilter.sys is a kernel-mode rootkit.
ndisfilter.sys is used to hide the existence of the pfplg*.dll files.
The rootkit hooks into the kernel's System Service Descriptor Table (SSDT).
The rootkit alters the addresses corresponding to the function "NtQueryDirectoryFile".
The rootkit contacts a remote hacker's server over an HTTP session.
Related files:
%SysDir%\drivers\ndisfilter.sys
%SysDir%\pfplgflt.dll
%SysDir%\pfplgnfo.dll
%SysDir%\pfplgprx.dll
%SysDir%\pfplgscn.dll
Added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisFilter
Type: 0x00000001
Start: 0x00000002
ErrorControl: 0x00000000
ImagePath: "\??\%SYSTEMDIR%\drivers\ndisfilter.sys"
DisplayName: "NdisFilter"
Group: "Base"
%sysdir%\ndisfilter.sys | Malware |
%sysdir%\ndisfilter.sys | Dangerous |
%sysdir%\ndisfilter.sys | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.