Troj/NTRootK-CK

Category	Viruses and Spyware
Type	Rootkit
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
More Information


Affected operating systems	Windows
Included in our products from	February 2008 (4.26)
Protection available since	9 December 2007 15:42:40 (GMT)
Detected by	All Sophos products

More Information

Summary
More Information

Troj/NTRootK-CK is a rootkit Trojan for the Windows platform.

When run Troj/NTRootK-CK creates the file <Current Folder>\chipdriver.sys - also detected as Troj/NTRootK-CK

The following registry entries are set:

HKCU\Software\Microsoft\Internet Explorer\Main
DisableScriptDebuggerIE
yes

HKCU\Software\Microsoft\Internet Explorer\Main
Display Inline Videos
no

HKCU\Software\Microsoft\Internet Explorer\Main
Enable AutoImageResize
no

HKCU\Software\Microsoft\Internet Explorer\Main
Play_Animations
no

HKCU\Software\Microsoft\Internet Explorer\Main
Play_Background_Sounds
no

Registry entries are also created under:

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1197353092
HKLM\SYSTEM\CurrentControlSet\Services\1197353092

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/NTRootK-CK

Summary

More Information