Rootkit RETCP.SYS is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of RETCP.SYS may be a very difficult process.
You should use anti-rootkit software to fix the RETCP.SYS problem.
Malware Analysis of RETCP.SYS
Full path on a computer: %Temp%\reTcp.sys
Detected by UnHackMe:
RETCP.SYS
Default location: %Temp%\reTcp.sys
Removal Results: Success
Number of reboot: 1
RETCP.SYS is known as:
Rootkit.Rustok
RETCP.SYS hash:
- MD5: a76ad9fe26c1986b1d7f1c8ef8d44c7b
The file tries to connect to the dangerous web site.
How to quickly detect RETCP.SYS presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\DPro\ImagePath: “\??\c:\sand-box\DPro.sys”
- HKLM\System\CurrentControlSet\Services\DPro\DisplayName: “DPro.sys”
- HKLM\System\CurrentControlSet\Services\FixTool\ImagePath: “\??\c:\sand-box\reTcp.sys”
- HKLM\System\CurrentControlSet\Services\FixTool\DisplayName: “reTcp.sys”
Files:- %Temp%\adopt.exe
- %Temp%\config.ini
- %Temp%\configWord.cf
- %Temp%\DPro.sys
- %Temp%\reTcp.sys
- %WinDir%\he1p