NTOSKRNL-HOOK is a detection name for a technique used by Rootkit Trojans to hide malicious files and processes from Windows and from security programs. NTOSKRNL-HOOK rootkits are programs that malware authors can use to conceal malicious files from the real-time scanning of security programs.
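The two checks anti-rootkit scanners use against this kind of hiding, as an added example that is not from the original page or any named product: a kernel service table whose entries point outside the ntoskrnl image has been redirected, and a process list that differs between a hooked API view and an independent raw view reveals the hidden entries. The service table, module range and process lists below are constructed sample data, not read from a live kernel.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SsdtEntry:
    """One system service table slot: its index, name and target address."""
    index: int
    name: str
    address: int


# Constructed: assumed load address and size of ntoskrnl.exe for this sample.
NTOSKRNL_BASE = 0x804D7000
NTOSKRNL_SIZE = 0x001F8000

# Constructed table: two services have been pointed into a foreign driver.
SAMPLE_SSDT = [
    SsdtEntry(0x91, "NtQueryDirectoryFile", 0x80570A2C),
    SsdtEntry(0xAD, "NtQuerySystemInformation", 0xF89A1234),  # redirected
    SsdtEntry(0x74, "NtOpenProcess", 0x805C8F20),
    SsdtEntry(0x42, "NtEnumerateKey", 0xF89A2000),            # redirected
]

# Constructed process views: the API view is what a hooked enumeration
# reports, the raw view is what an independent walk of kernel structures finds.
API_VIEW_PIDS = [4, 388, 1220]
RAW_VIEW_PIDS = [4, 388, 1220, 1724]


def find_hooked_entries(ssdt, base=NTOSKRNL_BASE, size=NTOSKRNL_SIZE):
    """Return entries whose target lies outside [base, base + size).

    A legitimate entry points back into ntoskrnl itself; any other target
    means the service was redirected, which is the hook this page describes.
    """
    return [e for e in ssdt if not (base <= e.address < base + size)]


def cross_view_hidden(api_view, raw_view):
    """Return PIDs present in the raw view but filtered out of the API view."""
    return sorted(set(raw_view) - set(api_view))


if __name__ == "__main__":
    for e in find_hooked_entries(SAMPLE_SSDT):
        print(f"hooked: 0x{e.index:02X} {e.name} -> 0x{e.address:08X}")
    print("hidden PIDs:", cross_view_hidden(API_VIEW_PIDS, RAW_VIEW_PIDS))
```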


  • Generic Rootkit.d!
  • Generic Rootkit.d!rootkit 5

Risk Level: Medium

File Size: Varies

Affected System: Windows

Common Symptoms:
1. May reduce system performance, with no trace of the responsible process in Task Manager.
2. Increased disk space usage without a visible file accounting for it.
3. May cause system crashes and Blue Screen of Death (BSOD).

Signs and Symptoms of NTOSKRNL-HOOK Trojan Infection:

NTOSKRNL-HOOK Trojan will disable your antivirus program
Once a Trojan infects a computer, it tends to lower security settings and disable the firewall and antivirus program. NTOSKRNL-HOOK Trojan does this to ensure that antivirus software will not respond to the attack.

Blocks Internet access to security web sites
NTOSKRNL-HOOK Trojan attacks the center of the security system. Aside from disabling antivirus software, this Trojan also blocks your access to security web sites to prevent the download of any removal tools.

Presence of NTOSKRNL-HOOK Trojan reduces the PC's performance
Trojans are known to reside in memory, so they consume resources and can cause the computer to slow down. In some cases the infected computer crashes due to insufficient resources.

Other Functions of NTOSKRNL-HOOK Trojan:

  • NTOSKRNL-HOOK Trojan can communicate with a remote server to download more threats
  • It can infect executable files on local and network drives
  • This hazardous Trojan can connect to a remote server to update its configuration
  • Some variants of NTOSKRNL-HOOK Trojan can destroy system files, making the computer unstable
  • This Trojan can open a backdoor that allows an attacker to control the infected PC

How to Remove NTOSKRNL-HOOK Trojan

Step 1 - Run a thorough scan using your antivirus program

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definitions. This ensures that your antivirus program can detect even newer variants of NTOSKRNL-HOOK Trojan.

3. Start Windows in Safe Mode with Networking.
- From a powered-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only the necessary drivers and system files.


4. Open your antivirus program and run a full system scan. After the scan, delete all infected items; if they cannot be deleted, place them in quarantine instead. Once the scan is complete, proceed with the next step.

Step 2 - Double-check with Online Virus Scanner

Another way to remove NTOSKRNL-HOOK Trojan without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner offered on the web sites of legitimate antivirus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. This may require a plug-in, add-on or ActiveX object; install it if you want to proceed with the scan.

Online Scan

6. After completing the necessary download, your system is ready for online virus scanning.
7. Select an option that scans the computer thoroughly, so that it finds and removes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, restart the computer in normal mode.

Step 3 - Automatic Removal of NTOSKRNL-HOOK Trojan files and registry entries

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes Trojans block the download and installation of MBAM. If this happens, download it on a clean computer and rename the executable file before running it on the infected machine.


  1. NICK



  2. Anthony

    I used combofix to get rid of it. It took a few times, but it cleaned the system up. It was a nightmare – everywhere I looked nothing would work. I couldn't get online because the networking wasn't working even in safe mode. It would boot for like 2 seconds then blue screen of death, and restart. Try combofix. I also read somewhere that you should delete it after you use it, so that is what I did. I am not a computer expert, I am just telling you what worked for me. Good luck. Oh and FYI, combofix tried working the first time and didn't work (it wasn't able to restart to go through the 41 steps) but the second time it was able to. I think it has to do it in the normal boot up mode and not safe mode. Good luck – I turned off my network card before starting it in normal mode and disabled everything the last time I was in safe mode. Hope that is helpful.
