Undetected Rootkit

r4z3r

Hi all,

Just found a rootkit that Spybot was unable to find. Ended up having to use SysInternals RootKit Revealer and boot into BartPE to remove it.

Attached are the files and the RootKitReveal log that shows which reg keys it generates.

Hope that's all that's needed to get it into the detection lists.

Sorry, forgot to mention what it actually does.
  • Blocks WindowsUpdate website
  • Blocks most security vendor websites
  • Link redirections
 
Hello r4z3r,

Infected Files. How To Submit. Please do not attach or link them here.

Please zip or rar the file/s and send them to:

detections(AT)spybot.info (Replace AT with @)

Put a password like 'infected' on the archive to avoid it being filtered by automatic scanners.

That is the preferred method for our detectives' attention. Please do not attach to a topic.

Thank you. :)

FYI, an anti-virus program will detect: Win32/Agent.ODG trojan - deleted.

Best regards.
 