DeepGuard doesn't block Rootkit ZA sample.

pianista47 · May 2012

Hi!

I ran in a virtual machine rootkit ZeroAcces. Antivirus detect this rootkit, so I turned off real time protection to verify that DeepGuard is able to block the rootkit. Unfortunately, he did not.
Rootkit is launched. To me this is a very big mistake and you have to solve it.

I am running this virus on Windows XP SP3, F-Secure TP60.

I am sending a sample of the virus, that you were able to verify this.

Warning!!! This is ROOTKIT ZEROACCES!

Cheers Smiley Very Happy

Ps. I inform you about the problem, I do not want you to help me remove the rootkit, because I know how to do it: D

Edited: URL removed.

lodore · May 2012

Hello,

it appears that the archive is corrupt and the file cannot be extracted.

I would advice you to re zip the file, use the password infected and submit the sample here

pianista47 · May 2012

Try this mirror

Send to analysis? Why? Antivirus detect this rootkit But DeepGuard not and this is a trouble.

Edited: URL removed.

lodore · May 2012

Ah i see fair enough.

that mirror link doesnt seem to work eiether.

pianista47 · May 2012

Oh, i dont know... On my system mirror and archive work corretly...

Ben · May 2012

Hello Pianista47,

As you are using TP60, I moved your post to the Betas and technology Previews part of our community.

pianista47 · May 2012

Thans Ben, i was not sure, when should be this topic.

Edited: URL removed.

nimbystripes · June 2012

Is it possible that the rootkit is already there even before installing the DeepGuard? This might be rare, but is it possible?

DeepGuard doesn't block Rootkit ZA sample.

Comments