Thanks for posting that Vrodok. I'll be downloading that for
disinfecting other computers.
I wonder if one could detect that Sony rootkit infection by using the
technique described on Mark Russinovich's page at
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html:
"Armed with the knowledge of what driver implemented the cloaking I set
off to see if I could disable the cloak and expose the hidden processes,
files, directories, and Registry data. Although RKR indicated that the
\Windows\System32\$sys$filesystem directory was hidden from the Windows
API, it’s common for rootkits to hide directories from a directory
listing, but not to prevent a hidden directory from being opened
directly. I therefore checked to see if I could examine the files within
the hidden directory by opening a command prompt and changing into the
hidden directory. Sure enough, I was able to enter and access most of
the hidden files:"
(and here Mark has a picture of a DOS window with a DIR command response
within c:\windows\system32\$sys$filesystem)
I did this on my system, but I know that I'm free from that infection so
there's no way of telling if this will work with Millennium Edition.
--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.
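The check John describes above (the directory is missing from a listing, yet you can `cd` into it and `dir` it) generalises into a small consistency test: ask the parent directory for its listing, then try to open the same name directly, and flag any path that opens but is not listed. The script below is an added example, not code from John's post or from Mark Russinovich's article. It assumes a Windows system drive at `%SYSTEMROOT%` (default `C:\Windows`) and Python being available on the machine; the `lister`/`stater` hooks are hypothetical injection points so the "cloaked" verdict can be exercised on a clean box, not a Windows API. It only catches rootkits that cloak enumeration without also hooking open-by-name, which is exactly the gap the quoted passage relies on.

```python
import os

# Path named in Russinovich's post as hidden by the Sony rootkit.
# Assumption: %SYSTEMROOT% points at the Windows directory (C:\Windows
# if the variable is unset); adjust if the system drive differs.
SONY_HIDDEN_DIR = os.path.join(os.environ.get("SYSTEMROOT", r"C:\Windows"),
                               "System32", "$sys$filesystem")


def _same_name(a, b):
    # Windows file names compare case-insensitively; Unix ones do not.
    return a.lower() == b.lower() if os.name == "nt" else a == b


def probe_path(path, lister=os.listdir, stater=os.stat):
    """Classify a path by comparing a directory listing with a direct open.

    'visible'     - listed by the parent directory and openable: normal
    'absent'      - neither listed nor openable: nothing there
    'cloaked'     - openable by name but missing from the parent's listing,
                    the inconsistency the quoted article used to expose
                    the rootkit's hidden directory
    'listed-only' - listed but not openable (dangling entry or a race)

    lister/stater are hypothetical hooks so the cloaked case can be
    demonstrated without a rootkit present; they default to os.listdir
    and os.stat, which is what the real check uses.
    """
    path = os.path.normpath(path)
    parent, name = os.path.split(path)
    try:
        listed = any(_same_name(name, e) for e in lister(parent or "."))
    except OSError:
        listed = False
    try:
        stater(path)          # open-by-name, the equivalent of 'cd' into it
        openable = True
    except OSError:
        openable = False
    if listed and openable:
        return "visible"
    if openable:
        return "cloaked"
    if listed:
        return "listed-only"
    return "absent"


def list_direct(path):
    """Enumerate a directory by opening it directly, as 'dir' inside the
    hidden directory did; returns [] if the directory cannot be opened."""
    try:
        return sorted(os.listdir(path))
    except OSError:
        return []


if __name__ == "__main__":
    verdict = probe_path(SONY_HIDDEN_DIR)
    print(SONY_HIDDEN_DIR, "->", verdict)
    if verdict == "cloaked":
        # Same as Mark's 'cd' then 'dir': the cloak hides the listing
        # entry, not the object behind it.
        for entry in list_direct(SONY_HIDDEN_DIR):
            print("   ", entry)
```

Run it from an ordinary prompt on the suspect machine; a "cloaked" verdict on `$sys$filesystem` is the same evidence the `cd`/`dir` test gives, and a "visible" or "absent" verdict means this particular trick has nothing to expose, not that the machine is clean, since a rootkit that also hooks open-by-name would pass.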