From the doc: 'AFX Windows Rootkit 2003This software generates a system patch that will hide processes, files, folders registry keys and netstat entries from Windows 95/98/ME/NT/2k/XP/2003. Information is withheld based on 4 lists of mask strings. This enables you to apply wildcards to hiding functions such as hiding files based on "*.exe" or netstat entries based on "*TCP*:80*" to hide http traffic.The "example.exe" include is preconfigured to hide all processes/files and keys matching "~~*" and all "*TCP*" traffic. The installer copies itself to the system directory and extracts 2 DLL files from it's resources. It saves the files as "iexplore.exe" and "explorer.exe". The first dll is loaded into "explorer.exe" which then installs hooks contained in "explorer.dll".To configure a custom rootkit run "RootKit.exe" and click "Help" and make sure to compress your installer!Aphex'
AFXrootkit [McAfee]Bck/Ratsou.A [Panda]Trojan Horse [Panda]Trojan.Win32.Delf.m [Kaspersky]Trojan.Win32.Madtol.aTrojan.Win32.Madtol.a [Kaspersky]Win32.Afrootix [Computer Associates]Win32/Afrootix!Trojan [Computer Associates]Win32/Madtol.A trojan [Eset]
example.exerootkit.exe