DeepGuard doesn't block Rootkit ZA sample.

pianista47

Hi!

I ran in a virtual machine rootkit ZeroAcces. Antivirus detect this rootkit, so I turned off real time protection to verify that DeepGuard is able to block the rootkit. Unfortunately, he did not.
Rootkit is launched. To me this is a very big mistake and you have to solve it.

I am running this virus on Windows XP SP3, F-Secure TP60.

I am sending a sample of the virus, that you were able to verify this.

Warning!!! This is ROOTKIT ZEROACCES!

 

Cheers

 

Ps. I inform you about the problem, I do not want you to help me remove the rootkit, because I know how to do it: D

 

Edited: URL removed.

lodore

Hello,

 

it appears that the archive is corrupt and the file cannot be extracted.

I would advice you to re zip the file, use the password infected and submit the sample here 

 

 

 

pianista47

Try this mirror

 

 

Send to analysis? Why? Antivirus detect this rootkit But DeepGuard not and this is a trouble.

 

Edited: URL removed.

lodore

Ah i see fair enough.

 

that mirror link doesnt seem to work eiether.

 

pianista47

Oh, i dont know... On my system mirror and archive work corretly...

Ben

Hello Pianista47,

 

As you are using TP60, I moved your post to the Betas and technology Previews part of our community.

pianista47

Thans Ben, i was not sure, when should be this topic.

 

Edited: URL removed.

 

nimbystripes

Is it possible that the rootkit is already there even before installing the DeepGuard? This might be rare, but is it possible?