
W32/almanahe.c - New Variant Of This Advanced Rootkit



#1 harrywaldron


Posted 04 June 2007 - 10:17 AM

Based on personally testing corporate AV products head-to-head, I've found McAfee provides a robust scanning engine. However, this advanced rootkit alters Windows services in such a manner that only the latest version of McAfee's corporate and retail products can detect it (although older versions can detect this using SAFE MODE, if the user discovers this new type of rootkit infection).

W32/Almanahe.c - New Variant of this Advanced Rootkit
http://vil.nai.com/vil/content/v_142394.htm

Due to the nature in which this virus operates once a machine is successfully infected, read-access to the DLL and SYS components of the virus may be denied. VirusScan 11.x and VirusScan Enterprise 8.5 or newer can detect and remove these rootkit-protected components directly. Older products may be able to detect this using Safe Mode.


More information can be found here:
http://msmvps.com/blogs/harrywaldron/archi...-the-block.aspx
