AFX Windows Rootkit 2003
AFX Windows Rootkit 2003 is a user-mode rootkit that hides files, processes and registry entries.
Installation
When the rootkit's installer is executed, it creates the files iexplore.dll and explorer.dll in the system directory. iexplore.dll is injected into explorer.exe, and explorer.dll is injected into all running processes.
Payload
The injected DLLs hook Windows API functions to hide files, processes and registry entries.
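Because the hiding is done by API hooks inside user-mode processes, a listing taken through those APIs can be compared with one taken from a trusted source. The following is an added example, not part of the original article or of any tool it describes, and it goes beyond the text by showing that cross-view comparison together with a check for the two DLL names the installer creates. The function names, the sample paths and the choice of which entries are hidden are constructed assumptions, and the trusted listing is assumed to come from an offline or mounted copy of the disk.

```python
from pathlib import PureWindowsPath

# File names the article says the installer creates in the system directory.
DROPPED_DLLS = {"iexplore.dll", "explorer.dll"}

def norm(path):
    """Lower-cased key: Windows paths compare case-insensitively."""
    return str(PureWindowsPath(path)).lower()

def hidden_entries(api_view, trusted_view):
    """Cross-view diff: entries the trusted view has but the API view lacks."""
    seen = {norm(p) for p in api_view}
    return sorted(p for p in trusted_view if norm(p) not in seen)

def dropped_dll_hits(paths, system_dir):
    """Paths named like a dropped DLL that sit directly in system_dir."""
    sysdir = norm(system_dir)
    return sorted(p for p in paths
                  if PureWindowsPath(p).name.lower() in DROPPED_DLLS
                  and norm(PureWindowsPath(p).parent) == sysdir)

def injected_processes(modules_by_process, system_dir):
    """Map each process to the dropped DLLs found among its loaded modules."""
    report = {}
    for proc, modules in modules_by_process.items():
        hits = dropped_dll_hits(modules, system_dir)
        if hits:
            report[proc] = hits
    return report

# Constructed sample data, not taken from a real host.
SYSTEM_DIR = r"C:\WINDOWS\system32"
API_VIEW = [r"C:\WINDOWS\system32\kernel32.dll",
            r"C:\WINDOWS\system32\user32.dll"]
TRUSTED_VIEW = API_VIEW + [r"C:\WINDOWS\System32\explorer.dll",
                           r"C:\WINDOWS\System32\iexplore.dll"]
MODULES = {  # process name -> loaded module paths (assumed input format)
    "explorer.exe": [r"C:\WINDOWS\system32\iexplore.dll",
                     r"C:\WINDOWS\system32\explorer.dll"],
    "notepad.exe": [r"C:\WINDOWS\system32\explorer.dll",
                    r"C:\WINDOWS\system32\kernel32.dll"],
    "clean.exe": [r"C:\WINDOWS\system32\kernel32.dll"],
}

if __name__ == "__main__":
    hidden = hidden_entries(API_VIEW, TRUSTED_VIEW)
    print("hidden from API view:", hidden)
    print("dropped DLLs among them:", dropped_dll_hits(hidden, SYSTEM_DIR))
    print("processes with injected DLLs:", injected_processes(MODULES, SYSTEM_DIR))
```

A module listing collected from inside a hooked process may itself be filtered, so the module check is most reliable on data taken from a memory image or another source outside the hooked processes.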
This article is issued from Wikipedia.
The text is licensed under Creative Commons - Attribution - Sharealike.
Additional terms may apply for the media files.