Asked by DSBONE in Latest Threats, Anti-Virus
We seem to have been hit with this specific rootkit, and our AV cures the computers but at the same time seems to corrupt some system files (Netlogon and DHCP Services to be exact) after the system is rebooted. The only way we can fix the problem is to run MS repair on the computers that have been infected or reimage. Does anyone know where we can get our hands on this rootkit exe in order to test exactly what it is doing on a standalone system and how our AV is handling it while we are in a controlled environment? We would like to know exactly what system files are being altered or deleted during the cure. We haven't been able to capture the file before our AV quarantines it. Where can we actually save this file to a flash stick and use it in a controlled environment? Tks.