How to deal with malware family Rootkit.Win32.PMax?

This section explains how to neutralize complicated malware, i.e. when user participation is required to modify the system registry or execute a special utility, for example. If you have not found the requested information in this section please submit a request to the Kaspersky Lab Technical support.


ID Article: 2980. Last modified on 13.07.2010 16:51.

A rootkit is a program or a suite of programs designed to obscure the fact that a system has been compromised.

For MS Windows operating systems, the term rootkit stands for a program that infiltrates the system and hooks system functions (Windows API). By hooking and modifying low-level API functions, such malware can effectively hide its presence in a system. Moreover, rootkits are as a rule able to conceal any processes, folders and files on disk, as well as registry keys, that are listed in their configuration. Many rootkits install their own drivers and services (hidden as well) into the system.


The utility PMaxKiller.exe serves for disinfection of systems infected with malware of the family Rootkit.Win32.PMax.

The utility is compatible with x86 versions of MS Windows: 2000, XP, 2003, Vista, 2008, 7.
x64 versions of MS Windows cannot be infected with malware of the family Rootkit.Win32.PMax.


Disinfection of an infected system

    • Download the archive PMaxKiller.zip and extract it into a folder on an infected (or potentially infected) computer using an archiver program (WinZip for example).
    • Execute the file PMaxKiller.exe.
    • Wait until the scan process is over. If an infection is detected, it is necessary to reboot the computer.

If run without any arguments, the utility does the following:

  • Scans memory for the malicious driver and, if it is detected, disinfects it. This stops the driver from terminating legitimate processes that attempt to access the registry and from setting blocking DACLs on their executables.
  • Scans the system library files which may be infected with the malicious program. If an infected file is detected, the utility carries out disinfection upon reboot.



Command line arguments for the utility PMaxKiller.exe:

-c <file_name> - reset the DACL on the indicated file (in order to eliminate the malware's blocking of execution of legitimate processes).
-d <file_name> - dump the malicious driver into the indicated file.
-l <file_name> - write the utility's runtime log into the indicated file.
-v - output a detailed log (if used together with the key -l).



Signs of infection by malware family Rootkit.Win32.PMax:


  • Antivirus processes randomly stop during an antivirus scan. Moreover, a prohibiting DACL (Discretionary Access Control List) set on their executable files blocks the restart of such processes: an attempt to execute them displays a message warning about insufficient privileges.
  • GMER detects hidden modules with paths containing "__max++>".
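The blocking DACL described above, and what the -c key of PMaxKiller.exe undoes, can be checked for and reversed from an elevated PowerShell session. The script below is an added example, not part of the Kaspersky article and not code from PMaxKiller: the function names (Get-DenyExecuteAce, Reset-FileDacl, Test-BlockedExecutable) and the sample path are assumptions made for the illustration. It lists Deny ACEs that remove execute rights from a given set of executables and, with -Repair, restores the default inherited DACL with icacls /reset.

```powershell
# Added example (not the article's or PMaxKiller's own code).
# Assumed helper names; the path passed at the end is a placeholder.

function Get-DenyExecuteAce {
    # Return the Deny ACEs on $Path whose rights include ExecuteFile.
    param([Parameter(Mandatory)] [string] $Path)

    $acl = Get-Acl -LiteralPath $Path
    $execute = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile

    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $execute) -ne 0)
    }
}

function Reset-FileDacl {
    # icacls /reset replaces the file's ACL with the default inherited ACL,
    # which drops any explicit Deny ACEs that were added to the file.
    param([Parameter(Mandatory)] [string] $Path)

    & icacls.exe $Path /reset
}

function Test-BlockedExecutable {
    # Report every Deny-execute ACE on the given files; optionally repair them.
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [switch] $Repair
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }

        $denies = @(Get-DenyExecuteAce -Path $p)
        foreach ($ace in $denies) {
            [pscustomobject]@{
                Path     = $p
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
            }
        }

        if ($Repair -and $denies.Count -gt 0) {
            Reset-FileDacl -Path $p
        }
    }
}

# Placeholder path: substitute the executables of the scanner that keeps stopping.
Test-BlockedExecutable -Path 'C:\Program Files\ExampleAV\scanner.exe' -Repair
```

The order of operations in the article matters here: the malicious driver is what sets the blocking DACLs, so resetting a file's ACL while the driver is still active only helps until the driver applies it again. Disinfect the driver (the first step PMaxKiller.exe performs without arguments) before repairing the ACLs of the affected executables.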

Kaspersky Lab

Copyright © 1997-2013 Kaspersky Lab