This Rootkit comes in the form of a Windows DLL application extension. The original file name HookNTQSI.dll, which in turn inspired the McAfee alias.


Like the other Rootkits in the Agent family, it is not a standalone piece of malware. This is normally bundled with other malicious files. The DLL is customized to hide Trojan programs in Task Manager, to avoid detetion. It can also be customized to hook and intercept Windows message boxes.


  • Boot into Safe Mode or a Live CD
  • Force delete the file %system%\HookNTQSI.dll
  • Clean up with an antivirus and/or MBAM



Securelist (Kaspersky Labs),

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.