Posted: July 1, 2011

Rootkit.Win32.Agent.bhnc Description

Rootkit.Win32.Agent.bhnc is a rootkit that invades the deepest levels of your PC settings and security to allow remote criminals to access and control the infected computer. The presence of Rootkit.Win32.Agent.bhnc has been seen alongside many other threats that specialize in attacking security, including Backdoor Trojans. Since rootkits use advanced techniques to avoid detection, you may see few or no direct signs of a Rootkit.Win32.Agent.bhnc infection. Despite this, removing Rootkit.Win32.Agent.bhnc will be an urgent priority if you want to maintain control over your computer and the privacy of your information.

Rootkit.Win32.Agent.bhnc – The Threat That Takes the Rest of Your OS Along for the Ride

Although Rootkit.Win32.Agent.bhnc has limited distribution as of 2011, any possible Rootkit.Win32.Agent.bhnc infection can still be an extremely dangerous threat to your PC. The latest Rootkit.Win32.Agent.bhnc infections were reported from China, and you may want to use particularly careful security around Chinese websites and file sources, to avoid any Rootkit.Win32.Agent.bhnc attacks.

Rootkit.Win32.Agent.bhnc rootkits have been seen masquerading in the form of fake .sys files in the Windows system folder and may be concealed with the System or Hidden attributes. These files may take up negligible space; Rootkit.Win32.Agent.bhnc has been seen using files sized at a mere 7.7 kilobytes.

Even more deceptively, Rootkit.Win32.Agent.bhnc, like all rootkits, will infect advanced components of your PC and may not show a visible memory process while active. In some cases, you may be able to detect a Rootkit.Win32.Agent.bhnc-infected process by checking the memory and CPU usage of a process in Windows Task Manager.

Friends of Rootkit.Win32.Agent.bhnc That May Be Tugging Your PC Strings

Rootkit.Win32.Agent.bhnc may not be the only infection on your computer; Rootkit.Win32.Agent.bhnc has also been seen in the presence of multiple threats, particularly Trojans and spyware. Known associates of Rootkit.Win32.Agent.bhnc include Trojan-PSW.Gampass (password-stealing spyware), Trojan-Downloader.Win32.Geral.svg and Trojan-Downloader.Win32.Geral.tka (both 'dropper' Trojans that install other harmful programs).

Even Rootkit.Win32.Agent.bhnc may be detected through the use of different names such as Hacktool.Rootkit, Generic.dx!sye, Rootkit.Win32.Agent, Trojan:Win32/Orsam!rts and Mal/Rootkit-X.

Most attacks by Rootkit.Win32.Agent.bhnc and the above threats are enacted with the intent of creating backdoor security holes in your PC. These backdoors let remote attackers install other files on your computer, steal private information, recruit your PC for DDoS attacks or even totally control your computer's actions. This makes any possible Rootkit.Win32.Agent.bhnc infection an extremely high-priority threat that should be attended to as soon as you notice Rootkit.Win32.Agent.bhnc.

Ideally, advanced anti-malware software should be used to remove Rootkit.Win32.Agent.bhnc due to the sophisticated nature of rootkit infections. It's strongly encouraged for you to use the most in-depth scanning options available for removing Rootkit.Win32.Agent.bhnc; less advanced scans may not detect all of Rootkit.Win32.Agent.bhnc's deeply-hidden components.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Start Menu\ Activate.lnk
    2 %Documents and Settings%\[UserName]\Start Menu\ Settings.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\secfileHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 'Shell' = '%UserProfile%\Application Data\antispy.exe'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'WarnOnPostRedirect' = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 'SaveZoneInformation' = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceHKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER/Software\Microsoft\Windows\CurrentVersion\Run

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rootkit.Win32.Agent.bhnc may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Rootkits Rootkit.Win32.Agent.bhnc

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.