
Detection of known rootkits


To detect active rootkits, the AVG program includes the Anti-Rootkit component. This component detects rootkits according to a predefined set of rules. Please note that all rootkits are detected, not just infected ones. If the AVG program finds a rootkit, it does not necessarily mean that the rootkit is infected. Sometimes rootkits are used as drivers, or they are part of legitimate applications.

Legitimate applications that use rootkit technology are listed below:

Daemon Tools

  • Detected file is:
    • C:\Windows\System32\drivers\al887uj6.sys
    • Name can vary each time AVG removes the rootkit
  • After removal and restart, the same hidden driver is detected again (restored by the application).

Alcohol 120%

  • Detected file is:
    • C:\Windows\System32\drivers\ajp34rie.sys
    • Name can vary each time AVG removes the rootkit
  • After removal and restart, the file is detected again (restored by the application).

User Profile Hive Cleanup Service

  • Detected file is:
    • C:\Windows\System32\drivers\uphcleanhlp.sys
    • uphcleanhlp.sys is used to completely terminate the user session when a user logs off.
  • Manufacturer is Microsoft Corp.

More information about rootkits can be found in FAQ 2353.

