A Rather Dorf Rootkit

The Dorf Trojans are mounting a comeback with the appearances of Troj/Dorf-F, Troj/Dorf-G and Troj/Dorf-H. Unlike the older Dorf family of Trojans, the rootkit sys files dropped by these variants now use a couple of layers of encryption, bringing them in line with other components of the Dorf and Dref family. As rootkits have now become another tool in the arsenal of malware authors, it’s really not surprising that the author has continued to work on improving his.

Sophos Anti-Rootkit is able to detect this latest strain of Trojans. This application is available for download for free. For example, below is a snapshot of Sophos Anti-Rootkit revealing the hidden files created by Troj/Dorf-F.