Agent.h is one member of a large malware family called Agent. This particular member is a rootkit.

Payload

Agent.h is not a standalone program. It arrives only after the user has downloaded another application, which may in turn download this rootkit. The rootkit itself performs no malicious actions on its own; it simply conceals the hacker's backdoor so that its presence and activity stay hidden.

The rootkit will drop itself into the system directory:

%System%\msdirectx.sys

It may also create a service entry for the driver in the registry:

[HKLM\SYSTEM\CurrentControlSet\Services\msdirectx]

Removal

To remove the rootkit only, boot into a separate bootable environment so that the driver is not loaded. From that environment, delete both the msdirectx.sys file and the registry key. The user can then boot normally and run MBAM (Malwarebytes Anti-Malware) scans to clean up whatever remains.
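The following PowerShell script is an added example, not part of the original wiki page and not code from any vendor named here. It checks a system for the two indicators the page lists (the %System%\msdirectx.sys driver file and the msdirectx service key) and, for the removal step, deletes both from an offline Windows installation mounted from a boot environment. The drive letter D:\Windows, the hive mount name OfflineSYSTEM and the function names are assumptions for illustration.

```powershell
# Added example (not from the original page): triage and offline removal of the
# Agent.h / He4Hook indicators described above. All names below are assumptions.

$DriverName = 'msdirectx'

function Test-AgentHIndicators {
    # Live-system triage: reports whether the file, the service key and a loaded
    # driver with that name are present. Does not modify anything.
    param([string]$SystemRoot = $env:SystemRoot)

    $driverPath = Join-Path $SystemRoot "System32\$DriverName.sys"
    $serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$DriverName"

    $result = [ordered]@{
        DriverFilePresent = Test-Path -LiteralPath $driverPath
        ServiceKeyPresent = Test-Path -LiteralPath $serviceKey
        DriverLoaded      = $false
        Sha256            = $null
        SignatureStatus   = $null
    }

    if ($result.DriverFilePresent) {
        # Record the hash for reporting and whether the file carries a valid signature
        # (an unsigned or invalidly signed kernel driver in System32 is worth a closer look).
        $result.Sha256          = (Get-FileHash -LiteralPath $driverPath -Algorithm SHA256).Hash
        $result.SignatureStatus = (Get-AuthenticodeSignature -LiteralPath $driverPath).Status
    }

    # Kernel drivers are not listed by Get-Service; Win32_SystemDriver covers them.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name = '$DriverName'" `
        -ErrorAction SilentlyContinue
    if ($drv) { $result.DriverLoaded = ($drv.State -eq 'Running') }

    return [pscustomobject]$result
}

function Remove-AgentHOffline {
    # Run from a boot environment (e.g. WinPE) against the infected volume, never
    # against the running system: the page's removal step relies on the driver
    # not being loaded when the file and the service key are deleted.
    param([Parameter(Mandatory)][string]$OfflineWindowsDir)   # e.g. 'D:\Windows' (assumed)

    $driverPath = Join-Path $OfflineWindowsDir "System32\$DriverName.sys"
    $hiveFile   = Join-Path $OfflineWindowsDir 'System32\config\SYSTEM'
    $mountName  = 'OfflineSYSTEM'   # arbitrary mount point for the offline hive (assumed)

    if (Test-Path -LiteralPath $driverPath) {
        Remove-Item -LiteralPath $driverPath -Force
        Write-Host "Deleted $driverPath"
    }

    # Mount the offline SYSTEM hive so the registry provider can edit its service key.
    & reg.exe load "HKLM\$mountName" $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe could not load $hiveFile" }
    try {
        # An offline hive has no CurrentControlSet link; Select\Current names the
        # real ControlSetNNN that the installation boots from.
        $current = (Get-ItemProperty -LiteralPath "HKLM:\$mountName\Select").Current
        $ccs     = 'ControlSet{0:D3}' -f $current
        $key     = "HKLM:\$mountName\$ccs\Services\$DriverName"
        if (Test-Path -LiteralPath $key) {
            Remove-Item -LiteralPath $key -Recurse -Force
            Write-Host "Deleted $key"
        }
    } finally {
        [gc]::Collect()   # release registry handles so the hive can be unloaded
        & reg.exe unload "HKLM\$mountName" | Out-Null
    }
}

# Usage (live triage):    Test-AgentHIndicators | Format-List
# Usage (from WinPE):     Remove-AgentHOffline -OfflineWindowsDir 'D:\Windows'
```

The triage function only reads; the removal function is kept separate and takes the offline Windows directory explicitly, so it cannot be run by accident against the live installation where the driver may still be active.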

Further Information

SecureList Definition

Aliases

  • Kaspersky: Trojan.Win32.Rootkit.d
  • McAfee: Trojan: He4Hook, Trojan: He4Hook.sys
  • Sophos: Troj/He4Hook-C
  • ClamAV: Trojan.Rootkit-137, Trojan.Rootkit-135, Trojan.Rootkit-136
  • Panda: Rootkit/He4.A
  • FPROT: W32/He4RootKit.A
  • MS OneCare: VirTool:WinNT/He4Hook
  • Dr.Web: Trojan.He4RootKit
  • NOD32: Win32/Rootkit.Agent.H trojan, Win32/Rootkit.D trojan
  • BitDefender: Trojan.Rootkit.D
  • VirusBuster: Rootkit.Agent!Uqt3weX2yWQ, Rootkit.Agent.O, Trojan.He4RootKit!gO56LcZjgAQ
  • Ikarus: RootKit.Win32.Agent.h
  • Ikarus: Rootkit.Win32.Agent
  • AVG: Agent.FH, Backdoor.Agent.SL, BackDoor.Agent.SH
  • NAV: Hacktool.Rootkit
  • Norman: W32/He4Rootkit.C
  • Norman: W32/He4Rootkit.B
  • Norman: W32/He4Rootkit.A
  • NAI: He4Hook
  • NAI: He4Hook.sys
  • Rising AntiVirus: Hack.He4Control, RootKit.Agent.az, Backdoor.RootKit
  • FSecure: Rootkit.Win32.Agent.h
  • Trend Micro: TROJ_Generic
  • Trend Micro: TROJ_AGENT.ATEK
  • Sunbelt: Hacktool.Rootkit
  • VirusBuster Beta: Trojan.He4RootKit!gO56LcZjgAQ, Rootkit.Agent!Uqt3weX2yWQ, Rootkit.Agent.O
  • Avast!: Win32:Trojan-gen
