How can I submit a nasty rootkit for analysis

Discussion in 'ESET Smart Security' started by furny_au, May 20, 2008.

Thread Status:
Not open for further replies.
  1. furny_au

    furny_au Registered Member

    Joined: May 20, 2008
    Posts: 1
    Hi,

    Found a nasty spam-sending trojan/rootkit on a client's PC that seems to be a variant of Srizbi.

    ESET SS 3.0.621.0 (3115) couldn't detect it or block it with the firewall.

    Just wanted to submit the files Kaspersky found:

    symavc32.sys
    Ist61.sys

    but can't zip them because Windows can't see them. I also assume they will be lost once off the NTFS file system.

    Any thoughts on how to do it?
    Who do I submit them to?

    Should I bother?
     
  2. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003
    Posts: 164,107
    Location: Texas
  3. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,456
    If you boot from clean media (e.g. from a CD or clean partition), you should see those files. I'd suggest that you move them to a new folder so that they are not loaded the next time you start Windows and then send them to samples[at]eset.com for perusal. A log from ESET SysInspector might shed more light as well.
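
The clean-boot collection step from the reply above, as an added example that is not part of the original thread: a shell function that moves the named driver files into a new folder on the offline volume and records where each one came from. It assumes a Linux live CD with the Windows volume mounted read-write; the mount point `/mnt/windows`, the folder name `quarantine_samples` and the function name `collect_samples` are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the infected Windows volume is mounted offline
# (e.g. from a Linux live CD), so the rootkit is not running to hide files.

# collect_samples MOUNT_ROOT NAME...
# Moves every file called NAME (any letter case) found under MOUNT_ROOT into
# MOUNT_ROOT/quarantine_samples as <sha256>.sample, so the driver is no longer
# at the path Windows loads it from, and logs hash + original path.
# Returns 0 if at least one file was moved, 1 if none, 2 on setup errors.
collect_samples() {
    root=${1%/}; shift
    dest="$root/quarantine_samples"      # hypothetical folder name
    manifest="$dest/manifest.txt"
    list="$dest/.found.$$"
    count=0

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    mkdir -p "$dest" || return 2

    for name in "$@"; do
        # NTFS names are case-insensitive, so match with -iname;
        # prune the quarantine folder so collected files are not re-matched.
        find "$root" -path "$dest" -prune -o -type f -iname "$name" -print > "$list"
        while IFS= read -r src; do
            hash=$(sha256sum < "$src" | cut -d' ' -f1)
            # The analyst needs the original location, so record it first.
            printf '%s  %s\n' "$hash" "${src#"$root"/}" >> "$manifest"
            mv -- "$src" "$dest/$hash.sample"
            count=$((count + 1))
        done < "$list"
    done
    rm -f "$list"

    echo "$count file(s) moved to $dest" >&2
    [ "$count" -gt 0 ]
}

# Usage with the file names from the thread (mount point is an assumption):
#   collect_samples /mnt/windows symavc32.sys Ist61.sys
```

Send the `.sample` files together with `manifest.txt`, so the original driver paths travel with the submission.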
     