Search found 1105 matches

by rkhunter
Fri Jul 08, 2011 4:11 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117564

Re: Trojan.Mayachok.2

My research shows that on x64 OS, x32-browsers are failing, but x64-browsers are working correctly. And the small dll in the x64 driver seems to be a debug stub.
by rkhunter
Fri Jul 08, 2011 1:23 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117564

Re: Trojan.Mayachok.2

Dr.Web Scanner in release detects and cures it.
And a new research paper about the technical details of Mayachok.2 (so far only in Russian) -
http://news.drweb.com/?i=1772&c=23&lng=ru&p=0
by rkhunter
Fri Jul 08, 2011 8:57 am
Forum: General Discussion
Topic: Articles about rootkit techs
Replies: 2
Views: 8577

Re: Articles about rootkit techs

Part 2:
by rkhunter
Fri Jul 08, 2011 8:53 am
Forum: General Discussion
Topic: Articles about rootkit techs
Replies: 2
Views: 8577

Articles about rootkit techs

Collection of articles about advanced rootkit techniques since 2006.
by rkhunter
Wed Jul 06, 2011 12:01 pm
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 22955

Re: Popureb rootkit

TrendMicro wrote a post about Popureb: http://blog.trendmicro.com/popureb-vs-tdl4/
by rkhunter
Mon Jul 04, 2011 4:44 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117564

Re: Trojan.Mayachok.2

by rkhunter
Mon Jul 04, 2011 4:39 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117564

Re: Trojan.Mayachok.2

Yes, bootrec /fixboot for help.
by rkhunter
Mon Jul 04, 2011 10:25 am
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117564

WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

New bootkit with a fraud component - browser banner. http://i22.fastpic.ru/big/2011/0525/1f/5a6a8d3e95a0fb27dfd51577ce91e31f.jpeg VT report: http://www.virustotal.com/file-scan/report.html?id=103fde6ee22319f392fc3e75574b3e56798ee8b91a9934dab379355ef1cc8844-1309773726 Unusual infection method of the VBR. A...
by rkhunter
Sat Jul 02, 2011 6:25 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 637064

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Probably you mean this article from Prevx from 1st May http://www.prevx.com/blog/172/TDL-rootk ... efore.html =)