How can I submit a nasty rootkit for analysis

Discussion in 'ESET Smart Security' started by furny_au, May 20, 2008.

Thread Status:
Not open for further replies.
  1. furny_au

    furny_au Registered Member

    Joined:
    May 20, 2008
    Posts:
    1
    Hi,

    Found a nasty spam-sending trojan/rootkit on a client's PC that seems to be a variant of Srizbi.

    ESET SS 3.0.621.0 (3115) couldn't detect it or block it with the firewall.

    Just wanted to submit the files Kaspersky found:

    symavc32.sys
    Ist61.sys

    but can't zip them because Windows can't see them. I also assume they will be lost once off the NTFS file system.

    Any thoughts on how to do it?
    Who do I submit them to?

    Should I bother?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you boot from clean media (e.g. from a CD or clean partition), you should see those files. I'd suggest that you move them to a new folder so that they are not loaded the next time you start Windows and then send them to samples[at]eset.com for perusal. A log from ESET SysInspector might shed more light as well.
     