
View full version: MBR Rootkit cure with AVZ



Bi!l
24.11.2009, 17:15
Hi folks.

Is there any chance that AVZ will be updated to detect and remove MBR infections?
That would be awesome!

best regards

Alex_Goodwin
26.11.2009, 11:42
The first and second versions of the bootkit

1.5 Проверка обработчиков IRP
\driver\disk[IRP_MJ_READ] = 8177A410 -> перехватчик не определен
\driver\disk[IRP_MJ_WRITE] = 8177A410 -> перехватчик не определен
Проверка завершена
in Russian AVZ logs.
AVZ doesn't remove any version.
Use CureIt, mbr.exe (Gmer), fixmbr, Bootkit remover (http://esagelab.com/resources.php?n=4)

Bi!l
26.11.2009, 12:57
Thank you Alex!

So AVZ is able to detect the rootkit (if AVZ is able to run..) ;)

And yes, I do use gmer (and the recovery console) to cure MBR or heavy rootkit infections (like TDL3).

I just wanted to say that it would be fabulous to have a module integrated in AVZ to do the job. 8)