HBKERNEL32.SYS is a rootkit: software that enables continued privileged access to a computer while actively hiding its presence.
Detecting and removing HBKERNEL32.SYS can be very difficult.
Use anti-rootkit software to remove HBKERNEL32.SYS.
Malware Analysis of HBKERNEL32.SYS
Full path on a computer: %SysDir%\drivers\HBKernel32.sys
Detected by UnHackMe:
HBKERNEL32.SYS
Default location: %SysDir%\drivers\HBKernel32.sys
Removal Results: Success
Number of reboots: 1
HBKERNEL32.SYS is known as:
Rootkit.Agent.ht, Trojan.Magania
HBKERNEL32.SYS hash:
- MD5: 900c3650ca2d45d322a603cfa53e9d10
How to quickly detect HBKERNEL32.SYS presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HBService32: “System.exe”
- HKLM\System\CurrentControlSet\Services\HBKernel32\ImagePath: “system32\drivers\HBKernel32.sys”
- HKLM\System\CurrentControlSet\Services\HBKernel32\DisplayName: “HBKernel32 Driver”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “HBYY.dll”
Files:
- %SysDir%\drivers\HBKernel32.sys
- %SysDir%\HBYY.dll
- %SysDir%\System.exe