ThreatExpert's Statistics for Hacktool.Rootkit [PC Tools]:

Hacktool.Rootkit [PC Tools] is also known as:
Threat Alias | Number of Incidents
Hacktool.Rootkit [Symantec] | 661
Mal/Generic-A [Sophos] | 516
Rootkit.Win32.Agent [Ikarus] | 397
Rootkit.Win32.Agent.adah [Kaspersky Lab] | 380
Win-Trojan/Rootkit.59264 [AhnLab] | 380
Generic.dx!lre [McAfee] | 323
VirTool:WinNT/Koobface.G [Microsoft] | 266
Mal/Rootkit-Q [Sophos] | 82
Trojan.WinNT.Sirefef [Ikarus] | 80
Backdoor:WinNT/Rustock.H [Microsoft] | 65
Backdoor.WinNT.Rustock [Ikarus] | 64
Troj/Agent-LUE [Sophos] | 60
Trojan-Downloader [Ikarus] | 60
Win-Trojan/Xema.variant [AhnLab] | 42
Generic.dx!hmb [McAfee] | 40
Rootkit.Win32.Agent.zuf [Kaspersky Lab] | 40
Backdoor:Win32/Prosti.AG [Microsoft] | 39
BackDoor-DUG.a [McAfee] | 39
Troj/DwnLdr-HYE [Sophos] | 39
TROJ_DLOADR.DIM [Trend Micro] | 39
Trojan-Downloader.Win32.Delf.uvk [Kaspersky Lab] | 38
Win-Trojan/Agent.2304.Q [AhnLab] | 36
Trojan-Dropper [Ikarus] | 33
Generic BackDoor!bfy [McAfee] | 30
VirTool:WinNT/Rootkitdrv.GZ [Microsoft] | 28
Trojan:WinNT/Sirefef.A [Microsoft] | 26
Rootkit.Win32.Agent.ucy [Kaspersky Lab] | 20
Rootkit.Win32.Agent.zzl [Kaspersky Lab] | 20
Win-Trojan/Agent.30976.AH [AhnLab] | 20
not-a-virus:PSWTool.Win32.Agent.ac [Kaspersky Lab] | 16
Rootkit.Win32.Tiny [Ikarus] | 13
Rootkit.Win32.Tiny.hp [Kaspersky Lab] | 13
Trojan-Dropper.Agent [Ikarus] | 12
Backdoor.Win32.Agent.ajyu [Kaspersky Lab] | 10
Generic PWS.y!bfb [McAfee] | 10
Otlard [McAfee] | 10
Trojan:WinNT/Otlard.B [Microsoft] | 10
Generic.dx!fwa [McAfee] | 9
Rootkit.Win32.Agent.wrc [Kaspersky Lab] | 9
Rootkit.Win32.Agent.zuo [Kaspersky Lab] | 9
Backdoor:WinNT/Rustock.gen!B [Microsoft] | 6
Trojan-Downloader.Win32.Geral.cnf [Kaspersky Lab] | 6
Win-Trojan/Agent.30976.AI [AhnLab] | 6
Downloader-BNM [McAfee] | 5
Rootkit.Win32.Small.rc [Kaspersky Lab] | 5
Troj/Perksh-Gen [Sophos] | 5
TrojanDownloader:Win32/Perkesh.gen!A [Microsoft] | 5
Win-Trojan/Downloader.8320.J [AhnLab] | 5
Backdoor.Win32.Bifrose.bxif [Kaspersky Lab] | 4
Backdoor:WinNT/Haxdoor.gen!A [Microsoft] | 4
BackDoor-CCT.dll [McAfee] | 4
Generic BackDoor!bou [McAfee] | 4
Generic Downloader.x!bgo [McAfee] | 4
not-a-virus:Monitor.Win32.ActualSpy.27 [Kaspersky Lab] | 4
Troj/MDrop-CIQ [Sophos] | 4
Trojan-Downloader.Win32.Geral [Ikarus] | 4
TrojanDownloader:Win32/Troxen!rts [Microsoft] | 4
Win-Trojan/Geral.6272.B [AhnLab] | 4
BackDoor-BAC!c [McAfee] | 3
Generic.dx!ndq [McAfee] | 3
Mal/TDSSPack-G [Sophos] | 3
Rkit [Ikarus] | 3
Trojan.WinNT.Tibs [Ikarus] | 3
Trojan:WinNT/Tibs.gen!A [Microsoft] | 3
Virus.Win32.Protector [Ikarus] | 3
Virus.Win32.Protector.c [Kaspersky Lab] | 3
Virus:Win32/Cutwail.H [Microsoft] | 3
Win32/IRCBot.worm.variant [AhnLab] | 3
Win32/Ntfs [AhnLab] | 3
Win-Trojan/Agent.153728.B [AhnLab] | 3
FakeAlert-WinwebSecurity.a [McAfee] | 2
Mal/FakeAV-AX, Mal/EncPk-MX, Mal/FakeAV-AE [Sophos] | 2
Mal/Nupylos-A [Sophos] | 2
Mal/Packer [Sophos] | 2
PWS:Win32/Zbot.A [Microsoft] | 2
Rootkit.Win32.Agent.aejh [Kaspersky Lab] | 2
Rootkit.Win32.Agent.upn [Kaspersky Lab] | 2
Trojan.Rootkit [Ikarus] | 2
Trojan.Win32.SpBot [Ikarus] | 2
Trojan.Win32.SpBot.n [Kaspersky Lab] | 2
Trojan:Win32/Bumat!rts [Microsoft] | 2
Trojan:WinNT/Alureon.D [Microsoft] | 2
Trojan:WinNT/Alureon.G [Microsoft] | 2
TrojanDownloader:WinNT/Nupylos.A [Microsoft] | 2
Trojan-Dropper.Win32.Agent.argy [Kaspersky Lab] | 2
TrojanDropper:Win32/Madri.A [Microsoft] | 2
Win-Trojan/Agent.153728 [AhnLab] | 2
Backdoor.Win32.Agent.alwg [Kaspersky Lab] | 1
Backdoor.Win32.Agent.anlf [Kaspersky Lab] | 1
Backdoor.Win32.NewRest.zm [Kaspersky Lab] | 1
Backdoor.WinNT.Haxdoor [Ikarus] | 1
Backdoor:WinNT/Festi.A [Microsoft] | 1
BackDoor-EKJ [McAfee] | 1
BehavesLike [Ikarus] | 1
DNSChanger!cy [McAfee] | 1
DNSChanger!dd [McAfee] | 1
DNSChanger!k [McAfee] | 1
Dropper/Xema.28800 [AhnLab] | 1
Gen.Rootkit [Ikarus] | 1
Generic BackDoor!bgl [McAfee] | 1

Hacktool.Rootkit [PC Tools] has the following possible countries of origin:
Origin | Number of Incidents
China | 1
Netherlands | 1

Hacktool.Rootkit [PC Tools] is known to be created as:
Notes:
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.