Rootkit 6CD30EC7C733DFA4.SYS is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of 6CD30EC7C733DFA4.SYS may be a very difficult process.
You should use anti-rootkit software to fix the 6CD30EC7C733DFA4.SYS problem.
Malware Analysis of 6CD30EC7C733DFA4.SYS
Full path on a computer: %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)
Detected by UnHackMe:
6CD30EC7C733DFA4.SYS
Default location: %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)
Removal Results: Success
Number of reboot: 1
6CD30EC7C733DFA4.SYS is known as:
Rootkit.Necurs
6CD30EC7C733DFA4.SYS hash:
- MD5: a2f2b24bd6fa13095c319f7f61c21d2f
The file tries to connect to the dangerous web site.
How to quickly detect 6CD30EC7C733DFA4.SYS presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\6cd30ec7c733dfa4\ImagePath: “\SystemRoot\System32\Drivers\6cd30ec7c733dfa4.sys”
- HKLM\System\CurrentControlSet\Services\6cd30ec7c733dfa4\DisplayName: “hoeklo.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Hoeklo: “”%Temp%\Anve\hoeklo.exe”"
Folders:- %Appdata%\Microsoft\Address Book
- %Temp%\Anve
Files:- %Appdata%\Microsoft\Address Book\Administrator.wab
- %Temp%\Anve\hoeklo.exe
- %Temp%\firefox_updater.exe
- %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)