AFX Windows Rootkit 2003

From Wikipedia, the free encyclopedia
This is the current revision of this page, as edited by AnomieBOT (talk | contribs) at 08:19, 12 April 2025 (Dating maintenance tags: {{More citations needed}}). The present address (URL) is a permanent link to this version.

AFX Windows Rootkit 2003 is a user-mode rootkit that hides files, processes and registry entries.

Installation

When the rootkit's installer is executed, it creates the files iexplore.dll and explorer.dll in the system directory. iexplore.dll is injected into explorer.exe, and explorer.dll is injected into all running processes.[1]

Payload

The injected DLLs hook Windows API functions to hide files, processes and registry entries.[1]
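Because the hooks run inside user-mode processes, a check for the two DLLs is more reliable on data gathered outside the hooked APIs, such as a memory image or an offline disk. The following added example (not part of the original article) scans such a process-to-module snapshot for the file names given above; the snapshot format, the `C:\Windows\System32` path and the function names are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# DLL names come from the article. The directory is an assumption: the
# article only says "the system directory".
SYSTEM_DIR = r"C:\Windows\System32"
NARROW_DLL = "iexplore.dll"   # described as injected into explorer.exe
BROAD_DLL = "explorer.dll"    # described as injected into all running processes


def find_afx_modules(snapshot, system_dir=SYSTEM_DIR):
    """Return {dll_name: sorted process names} for the article-named DLLs
    loaded from the system directory.

    snapshot: {process_name: [module paths]}, collected by a tool that does
    not rely on the possibly hooked user-mode APIs (assumed input format).
    """
    hits = defaultdict(set)
    for proc, modules in snapshot.items():
        for raw in modules:
            path = PureWindowsPath(raw)
            name = path.name.lower()
            # Windows paths are case-insensitive, so compare lowercased.
            in_sysdir = str(path.parent).lower() == system_dir.lower()
            if name in (NARROW_DLL, BROAD_DLL) and in_sysdir:
                hits[name].add(proc.lower())
    return {dll: sorted(procs) for dll, procs in hits.items()}


def summarize(snapshot):
    """Compare the hits with the injection pattern the article describes."""
    hits = find_afx_modules(snapshot)
    total = len(snapshot)
    coverage = len(hits.get(BROAD_DLL, [])) / total if total else 0.0
    return {
        "iexplore_in_explorer": "explorer.exe" in hits.get(NARROW_DLL, []),
        "explorer_dll_coverage": coverage,  # 1.0 means every listed process
    }


# Constructed sample data, not output from a real system.
SAMPLE = {
    "explorer.exe": [r"C:\Windows\explorer.exe",
                     r"C:\WINDOWS\system32\iexplore.dll",
                     r"C:\Windows\System32\explorer.dll"],
    "notepad.exe": [r"C:\Windows\System32\explorer.dll"],
    "svchost.exe": [r"c:\windows\system32\EXPLORER.DLL"],
}
CLEAN = {"explorer.exe": [r"C:\Windows\explorer.exe",
                          r"C:\Program Files\Tool\explorer.dll"]}
```

A file-name match is only a lead for further triage; a same-named DLL outside the system directory, as in `CLEAN`, is deliberately not reported.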

References

  1. "Trojan:Win32/Delf.M". Microsoft. January 16, 2007.