Now that the Mebroot rootkit has been around for a few days, (named by symantec) does anyone have any idea which other AV's recognise it? I guess the problem is that so many of them give the virus different names, AVG did not recognise it under mebroot when I tried it, so does it use a different name for it?
If anyone has any ideas's I would greatly appreciate it.

Thanks in advance, Rollers

Most AVs recognize it, AVG should see it as: PSW.Sinowal.C

Anyone know the Avast! name for it, please?

McAfee identifies it as StealthMBR (http://vil.nai.com/vil/content/v_143908.htm) and StealthMBR!rootkit.

{QUOTE-> Anyone know the Avast! name for it, please? <-QUOTE}
last time i checked avast did not have a signature for it.

Does anyone know what Kaspersky and ESET label this rootkit as?

{QUOTE-> Does anyone know what Kaspersky and ESET label this rootkit as? <-QUOTE}
kaspersky backdoor.win32.sinowal.a or Trojan.Win32.Agent.dsj (version 7/8 called it the first, the virustotal scanner the second name)
eset: Win32/Agent.DSJ

{QUOTE-> kaspersky backdoor.win32.sinowal.a or Trojan.Win32.Agent.dsj (version 7/8 called it the first, the virustotal scanner the second name)
eset: Win32/Agent.DSJ <-QUOTE}

Alright, thank you.

And TrendMicro detect's it as TROJ_SINOWAL.AD

Thanks for your answers.

Rollers

And F-Secure detect it as Trojan:W32/Mebroot.A

Patrik

how about avira antivir PE premium?

Hello,

{QUOTE-> how about avira antivir PE premium? <-QUOTE}
# TR/PSW.Sinowal.GD
# TR/PWS.Sinowal.Gen

-ren

{QUOTE-> Hello,


# TR/PSW.Sinowal.GD
# TR/PWS.Sinowal.Gen

-ren <-QUOTE}

Thank you :)

Anyone know what F-Prot detects it as?

Does anyone know if HIPS or any other anti-keylogger can protect against the keylogging mechanism of StealthMBR?

Is anyone able to post a screen of the client/control console of this beast?

It would be a lot helpful if they decided on one name, instead of individual stupid random words.

http://info.drweb.com/show/3257/en

& discussed here (http://www.wilderssecurity.com/showthread.php?t=198803)