old mbr rootkit
apm
November 14th, 2009, 03:30 AM
At first, Prevx can detect the infected MBR on the first scan after installing it. But then somehow Prevx cannot detect the MBR, only the rootkit installer exe/dll file, even when I run the scan again and again???
Prevx:
http://www.host-images.com/u/files/xtcd8pqp39nybix1101d.png
Verified the MBR infection with CureIt:
http://www.host-images.com/u/files/bn8xjv2zboj7rhbbyaj1.png
PrevxHelp
November 14th, 2009, 06:09 PM
-{ Quote: "At first, Prevx can detect the infected MBR on the first scan after installing it. But then somehow Prevx cannot detect the MBR, only the rootkit installer exe/dll file, even when I run the scan again and again???
Prevx:
http://www.host-images.com/u/files/xtcd8pqp39nybix1101d.png
Verified the MBR infection with CureIt:
http://www.host-images.com/u/files/bn8xjv2zboj7rhbbyaj1.png" }-
We have some measures in place to prevent FPs on programs like Rollback Rx which could affect the detection of MBR rootkits. Could you send us a scan log to report@prevxresearch.com so that we can turn on detection for this variant?
It also may be useful to send over the rootkit dropper just in case we'd need to modify detection at all on the server-side.
Thanks! :)
Copyright ©2002 - 2012, Wilders Security Forums