Just installed Comodo AV on a system, scanned, and detected a rootkit. I’m having trouble locating information about what rootkit it is and what removal options I may have. Comodo AV was unable to remove the rootkit.

In Antivirus Events there are many entries referring to this rootkit, but here is just one example it finds in the registry:

Malware Name: Rootkit.HiddenKey@0
Action: Detect
Status: Succes
Date: 01/07/2011 5:13:55PM

Can someone please suggest how to proceed at this point?


did you ever have mcafee installed?

did you ever have mcafee installed?

Yes. Removed it today and installed Comodo Internet Security.


looks like a left over driver/service that Mcafee was using and comodo found it becasue for some reason mcafee hid it.

I would use the mcafee removal tool

disable comodo, disable D+, sandbox, and AV so the removal tool can do its job. Run the tool, then restart. Re-enable comodo and rescan. Let me know if it finds it again.

Nice catch languy :wink:


I uninstalled Comodo IS, downloaded the file you said, ran the program, reinstalled Comodo IS, rescanned, and it still detects the Rootkit.HiddenKey@0.

The rootkit now exists in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSKSSRV areas now.

Do you have any further suggestions?


google “how to remove services in windows ( insert your version)” when doing that look for the service marked as mskssrv.

That answer was not helpful, as those are required Windows services that Comodo was reporting as a rootkit. Without any more useful suggestions, I ended up formatting and reinstalling for the last few days… :cry:

If mskssrv was at fault, it was not this service itself, as it is windows genuine (and thus, altough not essential, undeletable unless you use a specific utility), but its hijack by a third-party malware.