Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Gurong.a Rootkit

  • Please log in to reply
No replies to this topic

#1 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,091 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:12 PM

Posted 23 March 2006 - 08:05 AM

Gurong.a modifies the operating system kernel, specifically the system service table and process object structures, so it is a kernel-mode rootkit. What makes it different from other kernel-mode rootkits we have seen is the way it installs the rootkit payload into kernel. Often malware uses a special purpose driver or the physical memory device to modify the kernel from user mode. Gurong.a uses the physical memory device as its initial injection vector to install a call gate to the Global Descriptor Table (GDT) that resides in system address space.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users