Hello,
Many of you get infected with this trojan and don't even know about it...!
TRO/ROOT KIT is a malicious Trojan infection. There is a problem with this trojan, TRO/ROOT KIT or Win32:Small-HUF [Trj], which many people have gotten in the last few weeks, but no one knows about the infection since most AV providers didn't even detect this one.
Some time ago AVAST detected this trojan (but never could delete it), but right now AVAST does not even detect the trojan.
Still today, not even Kaspersky or Malwarebytes is able to detect this trojan!
Symptoms and signs (not always) that you may have if this trojan is on your system: this trojan could cause internet connection problems.
This TRO/ROOT KIT just comes back again and again with its advanced techniques.
TRO/ROOT KIT is made to escape detection, so it is not surprising that you are hit by this nasty virus even though you have installed several antivirus programs on your computer.
The following files are created by TRO/ROOT KIT:
%System%\SysWOW64\drivers\[RANDOM CHARACTERS].sys
Known virus samples:
C:\Windows\SysWOW64\drivers\mjvhhu.sys
C:\Windows\SysWOW64\drivers\tcoifh.sys
C:\Windows\SysWOW64\drivers\vqdtrh.sys
C:\Windows\SysWOW64\drivers\wayuia.sys
C:\Windows\SysWOW64\drivers\zedltn.sys
%Windows%\system32\[random].exe
%AppData%\[random].exe
Reg key:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WAYUIA\0000]
"Service"="wayuia"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="wayuia"
"Capabilities"=dword:00000000
And the following registry entries are created:
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\[random]
HKEY_CLASSES_ROOT\CLSID\[random numbers]
.registry:
-------\Legacy_MJVHHU
-------\Legacy_TCOIFH
-------\Legacy_VQDTRH
-------\Legacy_WAYUIA
-------\Legacy_ZEDLTN
-------\Service_mjvhhu
-------\Service_tcoifh
-------\Service_vqdtrh
-------\Service_wayuia
-------\Service_zedltn
Any help from AVAST team???
Thank you and best regards.
Laura
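
A read-only check for the artifacts listed in the post above, as an added example that is not part of the original post. It assumes the live hive (CurrentControlSet, where the post shows ControlSet002) and treats "six lowercase letters" as the name pattern, which is inferred only from the five sample file names; the function name Test-DriverArtifact is hypothetical.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Run from an elevated PowerShell 3.0+ prompt.
$driverDir     = Join-Path $env:windir 'SysWOW64\drivers'
$namesFromPost = 'mjvhhu', 'tcoifh', 'vqdtrh', 'wayuia', 'zedltn'   # from the post

function Test-DriverArtifact {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $name      = $File.BaseName
    # Assumption: the live control set; the post shows keys under ControlSet002.
    $svcKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $legacyKey = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$name"
    $sig       = Get-AuthenticodeSignature -FilePath $File.FullName

    [pscustomobject]@{
        File          = $File.FullName
        ListedInPost  = $namesFromPost -contains $name.ToLower()
        SixLetterName = $name -cmatch '^[a-z]{6}$'     # assumed pattern
        ServiceKey    = Test-Path -LiteralPath $svcKey
        LegacyEnumKey = Test-Path -LiteralPath $legacyKey
        Signature     = $sig.Status
        Created       = $File.CreationTime
    }
}

if (Test-Path -LiteralPath $driverDir) {
    # Every .sys file in the folder is reported; the flags are for sorting, not a verdict.
    Get-ChildItem -LiteralPath $driverDir -Filter *.sys -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Test-DriverArtifact -File $_ } |
        Sort-Object ListedInPost, SixLetterName -Descending |
        Format-Table -AutoSize
} else {
    "$driverDir not present on this system"
}

# The Internet Settings value the post reports as set to 0.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$warn  = (Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
"WarnOnHTTPSToHTTPRedirect = $warn (the post reports 0)"
```

A loaded rootkit driver can hide its own files and keys from the running system, so an empty result here is not conclusive; the same paths can be checked from an offline or rescue environment.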