Troj/NtRootK-AX

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	January 2007 (4.13)
Protection available since	26 November 2006 16:30:49 (GMT)
Detected by	All Sophos products

More Information

Summary
More Information

Troj/NtRootK-AX is a backdoor Trojan with rootkit functionality. When run Troj/NtRootK-AX creates a service with a name identical to the base filename of the Trojan file.

Troj/NtRootK-AX installs two drivers, xHide.sys and GxNdisHook.sys. The purpose of the drivers is to hide the presence of malicious files, registry entries and TCP ports used by malware.

Troj/NtRootK-AX provides the attacker with an interface for the remote control over the machine.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/NtRootK-AX

Summary

More Information