Threat Information for "UAC Rootkit"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: UAC Rootkit
  • Aliases:
  • Date Discovered: 2009-03-30
  • Protection Added: 2009-04-02
Description
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Uses rootkit functionality
5: Hides registry entries
6: Hides files
7: Hides running processes
8: Runs as a service
9: Injects DLLs into running processes
10: Uses redundant/watcher processes

-- Privacy Risks/Security Changes

1: Disables security software
2: Disables administrator tools
3: Logs browsing habits and visited websites
4: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Silently modifies other programs' information or website content as displayed
2: Displays targeted popup advertisements
3: Changes browser search settings
4: Significantly slows down the computer
5: Creates new files
6: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Infects via other exploitation methods
2: Infects from a link in an email
3: Infects from an email attachment
4: Installed by other infections
Technical Details
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\drivers\UACd.sys
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\uac*.*
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UACdcmd
  • Added Registry Key:
    Key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UACd.sys
  • Added Registry Key:
    Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UACd
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UACddata
  • Added Registry Key:
    Key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UACd.sys
  • Added Registry Key:
    Key: HKLM\SYSTEM\CurrentControlSet\Services\UACd
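A defender-side check for the artifacts listed above, added here as an example; it is not part of the StopSign page or product. It assumes %SYSTEMDIR% resolves to $env:SystemRoot\System32 and runs from an elevated Windows PowerShell 3.0+ session; because the Description says the rootkit hides files and registry entries, the script also cross-checks loaded kernel drivers and SCM-visible services against what the file system and registry show, since a hidden artifact shows up as a mismatch between those views.

```powershell
# Added example (not from the StopSign page): look for the "UAC Rootkit"
# artifacts listed in Technical Details. Assumption: %SYSTEMDIR% is
# $env:SystemRoot\System32. Run from an elevated PowerShell prompt.

$sysDir = Join-Path $env:SystemRoot 'System32'

# Registry keys taken verbatim from the Technical Details section.
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UACdcmd',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UACddata',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UACd.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UACd.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UACd',
    'HKLM:\SYSTEM\CurrentControlSet\Services\UACd'
)
$findings = @()

# 1. Direct artifact checks: what a non-hidden infection leaves behind.
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}
$driver = Join-Path $sysDir 'drivers\UACd.sys'
if (Test-Path -LiteralPath $driver) { $findings += "Driver file present: $driver" }
Get-ChildItem -Path $sysDir -Filter 'uac*.*' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Matching file in %SYSTEMDIR%: $($_.FullName)" }

# 2. Cross-view checks: the rootkit hides files and registry entries, so a
#    running driver whose image file is not visible, or a service the SCM
#    reports but whose Services key cannot be seen, is a stronger signal.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # Normalise NT-style image paths (\??\C:\... and \SystemRoot\...).
        $img = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $img)) {
            $findings += "Running driver with no visible image: $($_.Name) -> $img"
        }
    }
Get-Service | ForEach-Object {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
    if (-not (Test-Path -LiteralPath $svcKey)) {
        $findings += "Service visible to SCM but not in registry: $($_.Name)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No UAC Rootkit artifacts visible (a hidden infection is not ruled out).'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

A clean result from the live system is not conclusive for a rootkit that filters file and registry enumeration; confirm against the disk from known-good boot media or an offline copy of the SYSTEM hive.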