Threat Information for "Win32.HLLW.Shadow.based"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Win32.HLLW.Shadow.based
  • Aliases:
  • Date Discovered: 2009-03-30
  • Protection Added: 2009-03-31

Description
-- Ease of Removal

1: Hides running processes
2: Hides files
3: Hides registry entries
4: Uses rootkit functionality
5: Uses redundant/watcher processes
6: Injects DLLs into running processes
7: Runs as a service
8: Consistent file contents
9: File names uniquely generated
10: Creates new unique registry entries

-- Privacy Risks/Security Changes

1: Disables security software
2: Disables administrator tools
3: Opens backdoors

-- Damage/Intrusion/Annoyance

1: Significantly slows down the computer
2: Creates new files
3: Autoruns at startup without an option to be disabled
4: Downloads other threats

-- Propagation/Saturation

1: Infects through other exploitation methods
2: Spreads to other computers on the same network
3: Infects through a blind IP address attack
4: Installed by other infections

Technical Details
  • Added Directory/File:
    FilePath: %WINDIR%\*.* MD5: 5E279EF7FCB58F841199E0FF55CDEA8B
  • Added Directory/File:
    FilePath: ?:\autorun.inf
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.* MD5: 5E279EF7FCB58F841199E0FF55CDEA8B
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\drivers\*.* MD5: 5E279EF7FCB58F841199E0FF55CDEA8B