Posted: June 14, 2013

Guntior Description

The Guntior Bootkit is a rootkit that compromises your PC's original boot loader so that it launches automatically before your OS has even loaded. The foremost function of a Guntior Bootkit attack is targeting and disabling various processes related to security programs, especially major brands of anti-virus software. Guntior Bootkit and other bootkits use sophisticated methods of concealing their existence, and our malware research team strongly recommends the use of reliable anti-malware software for finding or deleting Guntior Bootkit, which is a high-level threat that's been in distribution for at least three years.

Guntior Bootkit: a Program Terminator Disguised as Part of Windows

Guntior Bootkit is incapable of installing itself; its installation is currently handled by a Trojan dropper with some advanced methodology behind its attacks. Like many other rootkit-related PC threats that malware experts have examined, Guntior Bootkit's dropper (sometimes detected as Mal/Jadtre-C) uses a DLL-loading exploit to trick Windows into loading Guntior Bootkit. A malicious DLL that forms part of Guntior Bootkit's main structure is named to look like a normal Windows DLL file, and Mal/Jadtre-C makes a discreet call to the Windows Help and Support Center, which then loads the DLL. Temporary files related to this installation process are then deleted, allowing Guntior Bootkit to proceed with its attacks with a minimum of evidence.
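The DLL-name disguise described above leaves a detectable trace at load time: a module carrying a system DLL's name but loaded from outside the system directories. The following is an added example, not code from this page or from any vendor tool; the record format, the directory and name lists, and every sample event (including the DLL name, which this page does not give) are constructed assumptions.

```python
import ntpath

# Assumption: directories genuine Windows system DLLs load from.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: tiny list of system DLL names; build the real one from a clean image.
SYSTEM_DLL_NAMES = {"kernel32.dll", "user32.dll", "version.dll"}

# Constructed sample records: loading process | loaded module | signature valid
SAMPLE_EVENTS = [
    r"C:\Windows\System32\svchost.exe|C:\Windows\System32\kernel32.dll|true",
    r"C:\Windows\PCHealth\HelpCtr\Binaries\HelpCtr.exe|C:\Windows\PCHealth\HelpCtr\Binaries\version.dll|false",
    r"C:\Windows\explorer.exe|C:\Windows\System32\..\Temp\version.dll|true",
    r"C:\Tools\app.exe|C:\Tools\helper.dll|false",
    "truncated record with no separators",
]


def parse_event(line):
    """Parse one 'image|module|signed' record; raises ValueError if malformed."""
    image, module, signed = (field.strip() for field in line.split("|"))
    # Normalise case and collapse '..' so path tricks cannot fake a trusted directory.
    module = ntpath.normpath(module.lower())
    return {"image": image, "module": module, "signed": signed.lower() == "true"}


def classify(event):
    """Return None for a benign load, else a severity string."""
    directory, name = ntpath.split(event["module"])
    if name not in SYSTEM_DLL_NAMES or directory in TRUSTED_DIRS:
        return None
    # A system DLL name outside the system directories is suspicious on its own;
    # a missing or invalid signature raises the severity.
    return "medium" if event["signed"] else "high"


def find_suspicious_loads(lines):
    findings = []
    for line in lines:
        try:
            event = parse_event(line)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        severity = classify(event)
        if severity:
            findings.append({**event, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_loads(SAMPLE_EVENTS):
        print(finding["severity"], finding["image"], "->", finding["module"])
```

Because the temporary installation files are deleted afterwards, a check like this is only useful against module-load telemetry recorded at the time, not against a later scan of the disk.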

Guntior Bootkit achieves its control over your computer through driver hooks that are kept in kernel memory, instead of as distinct files. As a rootkit, Guntior Bootkit has a high level of access to your computer and can be used for various attacks, but malware researchers are most familiar with Guntior Bootkit's ability to close a program arbitrarily. Current versions of Guntior Bootkit use this attack to disable important security software, with current targets consisting almost entirely of different brands of anti-virus and anti-malware software, including both the main programs and related applications (such as their updaters). There's a heavy emphasis on Chinese brands of AV software in Guntior Bootkit's list of processes to terminate, which is only to be expected, given Guntior Bootkit's pattern of targeting predominantly Asia-based PCs.

Bringing Your Boot Down on a Guntior Bootkit Infection

Besides its Trojan dropper, Guntior Bootkit usually consists of at least two components: Troj/JadMbr-A and Troj/JadKmem-A. Removing a Guntior Bootkit efficiently almost mandates using powerful anti-malware software or, at least, assistance from an expert in computer security, and you never should expect to be able to detect a Guntior Bootkit infection by observing any symptoms. Since Guntior Bootkit's DLL driver is named after a default Windows file, any manual removal also has a high chance of harming your operating system.

Guntior Bootkit is specific to Windows and has a distribution pattern that focuses on residents of Asia. However, malware experts must also warn readers that there's nothing about Guntior Bootkit's installation methods or attacks that would make the Guntior Bootkit inoperable against computers in other areas throughout the world, and Guntior Bootkit should always be considered a major security hazard until the Guntior Bootkit is removed.
