Many security software installed. This is one of their hooks.
Mni41.sys is the PE386 rootkit, based on Rustock.B, we can say that because it contains tcp/ip stack machine unique to all rustocks and packer...
@fcukdat What a surprise! From our sources we discovered that wincom32.sys is the predecessor of Rustock.A series. Unfortunately we have...
Got it, thanks. This rustock variant is old buggy B, but with some new early not seen hook inside wanarp.sys, interesting... What about...
Thanks for testing! I'm a little surprised with the lzx32.sys result. That is something new. Can we get the copy of this Rustock variant? :)
Hello, RkUnhooker v3.7.300.506 has been released http://rku.nm.ru/rkunhooker_v3/RkU3.7.300.506.zip Size: ~160 Kb MD5 for installation .exe file...
Site is gone and does not exist anymore, with same success you can point in middle ages. Londonbeat, Find a n o t h e r target for your...
Hello again. Back from Kaspersky and its exploiting to my main lovely theme. Discussions about my(our) work and my(our) childish behaviour :)...
Re on Dmitry Sokolov unperfect lies. Hello guys :) I'm here not to discuss, just to answer. Thanks for everyone who do not believe in Greatis...
@gmer In the end, to stop sarcastic statements here (I hope, it is almost up to gmer): - stop joking when you have nothing to say - your level...
Yes really LOL statement from Gmer, also this answer with quote is very funny indeed. Yeah dear friend, keep thinking so, keep smiling, you have...
Here is a gift for very professional and sophisticated GMER author. Wonderful Vista support of your latest (12.04) build. Immediately BSOD after...
gmer, want to tell you, how to bypass ARK's, AV's, FW? 1. inline at disk driver (that gives abilities to control any data operation, including...
If you have backups on other media then nothing to worry about. He doesn't like this word - bug. Actually it brings him into a panic-like state, :o
Rustock.C? Of course - no. It can't even detect it. Not a surprise for me, because 1. It is one of the easiest bypassing rkdetectors available...
Yes, it is a series of bugs in 3.31. Use 3.30 instead. Can you dump whole ntoskrnl.exe with that hook and upload to review? But don't forget to...
Gmer, do you seriously think that it is new version? what a shame on you LOL
It can contain unprintable characters. Please upload it somewhere to check.
You should show this on SysInternals. Probably, really a bug.
I can't agree with that. Because IE7 frame hook is in user mode, ntkrnlpa+blabla in kernel mode, they can't be dependent. I can give you advice....
LOL, what will be if you press Restore SSDT?
What about default Windows Defender ;) ?
Joanna and 90210 are more theorists than practical.
Thanks EASTER. SystemJunkie, can you show screen of that invisible SSDT hook? Screen with GMER? Probably another GMER bug is discovered :)
Bugs and false positives generated by your software in a whole, I guess. Nice screens :)