Search found 1105 matches

by rkhunter
Fri Jul 15, 2011 2:07 pm
Forum: Tools/Software
Topic: Epic Fail from IDA and ESET
Replies: 14
Views: 18732

Re: Epic Fail from IDA and ESET

News about this incident on http://www.securitylab.ru/news/406333.php (Russian only).
by rkhunter
Thu Jul 14, 2011 5:53 am
Forum: Tools/Software
Topic: Epic Fail from IDA and ESET
Replies: 14
Views: 18732

Re: Epic Fail from IDA and ESET

What do you think about that? As far as I know, he removed watermarks from some binary. And next, I think, he forged an ESET key.
by rkhunter
Mon Jul 11, 2011 1:12 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117552

Re: Trojan.Mayachok.2

I tested some AV products for detection/cure on my x64 Windows 7 system with Rootkit.Cidox active. And I saw these results:
KIS 2011: successful detection and cure on quick scan
MSSE 2.1: detection failed on quick scan
ESET NOD32: detection failed
Dr.Web 6.0: successful detection and cure on quick scan
Trend...
by rkhunter
Mon Jul 11, 2011 11:04 am
Forum: Malware
Topic: Trojan.MBRlock
Replies: 94
Views: 85910

Re: Trojan.MBRlock

OK, but I tested MSE on detection/removal of Mayachok.2 and it did not detect it with the latest update. Actually, I was doing a quick scan.
by rkhunter
Mon Jul 11, 2011 9:34 am
Forum: Malware
Topic: Trojan.MBRlock
Replies: 94
Views: 85910

Re: Trojan.MBRlock

I was surprised when I saw that MSE doesn't check the MBR and boot sectors. Is it true? Is it really useless against MBR/boot-start malware?
by rkhunter
Mon Jul 11, 2011 7:08 am
Forum: Kernel-Mode Development
Topic: OSR Articles archive
Replies: 0
Views: 2203

OSR Articles archive

Good collection of OSR white papers for kernel-mode development.
by rkhunter
Mon Jul 11, 2011 7:02 am
Forum: Reverse Engineering and Debugging
Topic: Intel Articles
Replies: 1
Views: 5721

Re: Intel Articles

Other interesting articles.
by rkhunter
Mon Jul 11, 2011 7:01 am
Forum: Reverse Engineering and Debugging
Topic: Intel Articles
Replies: 1
Views: 5721

Intel Articles

Intel manuals for x32-x64 architecture.
by rkhunter
Mon Jul 11, 2011 6:53 am
Forum: Reverse Engineering and Debugging
Topic: Windows Internals Articles
Replies: 0
Views: 5827

Windows Internals Articles

Articles about advanced Windows internals.
by rkhunter
Sun Jul 10, 2011 1:48 pm
Forum: Malware
Topic: Rootkit ZeroAccess (alias MaxPlus, Sirefef)
Replies: 374
Views: 323005

Re: Rootkit ZeroAccess (aka MAX++)

Interesting blog post about the new ZeroAccess variant: http://blog.webroot.com/2011/07/08/zeroaccess-rootkit-guards-itself-with-a-tripwire/ Besides most facts EP_X0FF already mentioned, it contains an interesting discovery: Interestingly enough, it also looks like the rootkit has a backdoor: If you...