
IRP Hook Rootkit Trojan

Posted: August 2, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 17
First Seen: August 2, 2012
OS(es) Affected: Windows

IRP Hook Rootkit Trojan is a generalized name for a rootkit that inserts its code into normal system drivers so that it can avoid detection and removal. Because IRP Hook Rootkit Trojan covers a broad category of similar but individual PC threats, the exact identification, symptoms (if any) and attacks of one IRP Hook Rootkit Trojan may differ greatly from those of another. However, IRP Hook Rootkit Trojan infections have often been used to conceal other PC threats or to manage automatic program-launching procedures; this allows IRP Hook Rootkit Trojan to assist the payloads of Trojans that are more overt than itself, such as banking Trojans, keyloggers and browser hijackers. Because IRP Hook Rootkit Trojan is extremely unlikely to be the only PC threat on your computer, SpywareRemove.com malware experts recommend that you take particular care to scan the entirety of your hard drive while removing IRP Hook Rootkit Trojan with the anti-malware product of your choice.

Why Your Antimalware Software May Be Your Only Chance to Spot an IRP Hook Rootkit Trojan

IRP Hook Rootkit Trojan and similar rootkits do not, as a general rule, display obvious symptoms – their purpose is to remain hidden while they enable more obtrusive PC threats than themselves. Even if you're able to delete related PC threats temporarily, IRP Hook Rootkit Trojan and other rootkit components have a high chance of reinstalling them, which can cause confusion since IRP Hook Rootkit Trojan isn't given to revealing its own presence in obvious ways. Other than alerts from anti-malware programs, minor system resource discrepancies and potential system slowdowns, IRP Hook Rootkit Trojan may not show symptoms that can be used to detect it. Passive protection from security software, therefore, is your best bet for warding off IRP Hook Rootkit Trojan.

IRP, or the I/O request packet mechanism, is a native part of the Windows driver model that is sometimes exploited by IRP Hook Rootkit Trojan and other rootkits. Typical attacks involve injecting malicious code for IRP Hook Rootkit Trojan into native system drivers, often alongside similar code-injection attacks against running Windows processes. If you're able to access Task Manager and know your normal RAM and CPU usage by heart, you may be able to detect IRP Hook Rootkit Trojan and other PC threats using excessive resources, although SpywareRemove.com malware analysts note that this is impractical for those who aren't PC security experts.
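As an added illustration (not code from the original page), the following Python script shows the check a memory-forensics tool applies to find an IRP hook: each entry of a driver's IRP dispatch table must point into that driver's own image, into the kernel, or into a helper library the driver is known to forward to. The module list, all addresses and the disk.sys table are constructed for this example, and the KNOWN_HELPERS allowlist is an assumption rather than a complete reference.

```python
from dataclasses import dataclass

IRP_MJ = {0: "IRP_MJ_CREATE", 1: "IRP_MJ_CREATE_NAMED_PIPE", 2: "IRP_MJ_CLOSE",
          3: "IRP_MJ_READ", 4: "IRP_MJ_WRITE", 14: "IRP_MJ_DEVICE_CONTROL"}

@dataclass(frozen=True)
class Module:          # one entry of the loaded kernel-module list
    name: str
    base: int
    size: int

def owner_of(addr, modules):
    """Loaded module whose image range covers addr, or None (unbacked memory)."""
    return next((m for m in modules if m.base <= addr < m.base + m.size), None)

def check_irp_table(driver, table, modules, helpers):
    """Return (major function, address, reason) for each suspicious dispatch entry."""
    # Legitimate targets: the driver itself, the kernel (IopInvalidDeviceRequest
    # fills unused slots) and any helper library this driver is known to forward to.
    allowed = {driver, "ntoskrnl.exe"} | helpers.get(driver, set())
    findings = []
    for major, addr in sorted(table.items()):
        name = IRP_MJ.get(major, f"IRP_MJ_{major}")
        mod = owner_of(addr, modules)
        if mod is None:
            findings.append((name, addr, "not backed by any loaded module"))
        elif mod.name not in allowed:
            findings.append((name, addr, f"inside unexpected module {mod.name}"))
    return findings

# Constructed snapshot (fabricated addresses): module list and disk.sys's table.
MODULES = [Module("ntoskrnl.exe", 0xFFFFF80001000000, 0x5E0000),
           Module("classpnp.sys", 0xFFFFF88001100000, 0x30000),
           Module("disk.sys",     0xFFFFF88001200000, 0x18000),
           Module("tcpip.sys",    0xFFFFF88001400000, 0x200000)]
KNOWN_HELPERS = {"disk.sys": {"classpnp.sys"}}   # assumed allowlist: disk.sys forwards to classpnp.sys
DISK_TABLE = {
    0:  0xFFFFF88001102000,  # IRP_MJ_CREATE -> classpnp.sys (legitimate)
    1:  0xFFFFF80001052000,  # IRP_MJ_CREATE_NAMED_PIPE -> kernel default handler
    2:  0xFFFFF88001102000,  # IRP_MJ_CLOSE -> classpnp.sys (legitimate)
    3:  0xFFFFF88001104000,  # IRP_MJ_READ -> classpnp.sys (legitimate)
    4:  0xFFFFF8A000220000,  # IRP_MJ_WRITE -> memory no module claims: hidden code
    14: 0xFFFFF88001410000,  # IRP_MJ_DEVICE_CONTROL -> tcpip.sys: wrong module
}

if __name__ == "__main__":
    for fn, addr, why in check_irp_table("disk.sys", DISK_TABLE, MODULES, KNOWN_HELPERS):
        print(f"{fn:<24} {addr:#018x}  {why}")
```

The unbacked-memory case is the one a hidden rootkit driver produces, since it unlinks itself from the module list; the wrong-module case catches a hook placed in a driver that is still listed.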

The Strategies to Deflecting This Crooked Hook in Your OS

IRP Hook Rootkit Trojans have been widely used for years as a basic attack strategy for rootkit-based PC threats, and SpywareRemove.com malware researchers have found that even as of this month in 2012, IRP Hook Rootkit Trojan-related attacks show no signs of slowing. Besides general anti-malware protection from appropriate software, defenses against IRP Hook Rootkit Trojan can also take the form of patching all software to limit exploits, avoiding risky links, scanning file attachments before opening them and disabling often-exploited browser plug-ins such as Java.

An IRP Hook Rootkit Trojan, like all rootkits, is exceptionally difficult to remove, but the SpywareRemove.com malware research team recommends treating IRP Hook Rootkit Trojan as a high-level threat to be deleted whatever the cost. You may need to boot your PC from removable media (a USB flash drive, CD, etc.) before your anti-malware scanner can access the files infected by IRP Hook Rootkit Trojan.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AllUsersProfile%\Application Data\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AllUsersProfile%\[RANDOM CHARACTERS]
Group: Malware file

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
Group: Malware file

Registry Modifications

The following Registry values are newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\"Shell" = "RANDOM CHARACTERS"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net"