at first can detect mbr infected at first scan prevx install. but then somehow prevx cannot detect mbr but only the rootkit installer exe/dll file even run scan again & again prevx: http://www.host-images.com/u/files/xtcd8pqp39nybix1101d.png verify mbr infected with cureit: http://www.host-images.com/u/files/bn8xjv2zboj7rhbbyaj1.png
We have some measures in place to prevent FPs on programs like Rollback Rx which could affect the detection of MBR rootkits. Could you send us a scan log to report@prevxresearch.com so that we can turn on detection for this variant? It also may be useful to send over the rootkit dropper just in case we'd need to modify detection at all on the server-side. Thanks!
