DeepGuard doesn't block Rootkit ZA sample.

Hi!

I ran the ZeroAccess rootkit in a virtual machine. The antivirus detects this rootkit, so I turned off real-time protection to verify that DeepGuard is able to block the rootkit. Unfortunately, it did not.
The rootkit is launched. To me this is a very big mistake and you have to solve it.

I am running this virus on Windows XP SP3, F-Secure TP60.

I am sending a sample of the virus so that you are able to verify this.



Warning!!! This is ROOTKIT ZEROACCESS!

Cheers

P.S. I am informing you about the problem; I do not want you to help me remove the rootkit, because I know how to do it :D

 

Edited: URL removed.

Comments

  • lodore Posts: 4

    Hello,

    It appears that the archive is corrupt and the file cannot be extracted.

    I would advise you to re-zip the file, use the password "infected" and submit the sample here

  • pianista47 Posts: 42 Enthusiast

    Try this mirror

    Send it for analysis? Why? The antivirus detects this rootkit :) But DeepGuard does not, and this is the trouble.

    Edited: URL removed.

  • lodore Posts: 4

    Ah, I see, fair enough.

    That mirror link doesn't seem to work either.

  • pianista47 Posts: 42 Enthusiast

    Oh, I don't know... On my system the mirror and archive work correctly...
  • [Deleted User] Posts: 0 Former F-Secure Employee

    Hello Pianista47,

    As you are using TP60, I moved your post to the Betas and technology Previews part of our community.

  • pianista47 Posts: 42 Enthusiast

    Thanks Ben, I was not sure where this topic should be.

    Edited: URL removed.

  • nimbystripes Posts: 12 Observer

    Is it possible that the rootkit is already there even before installing DeepGuard? This might be rare, but is it possible?

This discussion has been closed.