McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business Home McAfee Labs Threat Intelligence

Generic.dx!rootkit

This page shows details and results of our analysis on the malware Generic.dx!rootkit

Threat Detail

Malware Type: Virus

Malware Sub-type: Generic

Discovery Date: 2009-02-12

Next Steps:

Overview

Generic.dx!rootkit is a detection associated with W32/Virut.n.gen and W32/Virut.n


Minimum DAT

5524 (2009-02-12)

Updated DAT

5524 (2009-02-12)

 Minimum Engine

5.2.00

File Length

Varies

 Description Added

2009-02-12

Description Modified

2009-02-13

Malware Proliferation

Characteristics

The hijacked calls for W32/Virut.n are identified as Generic.dx!rootkit

W32/Virut.n injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

  • NtCreateFile
  • NtCreateProcess
  • NtCreateProcessEx
  • NtOpenFile
  • NtQueryInformationProcess

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

United States - English