DeepGuard doesn't block Rootkit ZA sample.


I ran the ZeroAccess rootkit in a virtual machine. The antivirus detects this rootkit, so I turned off real-time protection to verify that DeepGuard is able to block the rootkit. Unfortunately, it did not.
The rootkit is launched. To me this is a very big mistake and you have to solve it.

I am running this virus on Windows XP SP3, F-Secure TP60.

I am sending a sample of the virus so that you are able to verify this.

Warning!!! This is ROOTKIT ZEROACCESS!


Cheers


P.S. I am informing you about the problem; I do not want you to help me remove the rootkit, because I know how to do it :D


Edited: URL removed.


  • lodore Posts: 4



    It appears that the archive is corrupt and the file cannot be extracted.

    I would advise you to re-zip the file, use the password "infected" and submit the sample here




  • pianista47 Posts: 42

    Try this mirror



    Send for analysis? Why? The antivirus detects this rootkit :) But DeepGuard does not, and this is the trouble.


    Edited: URL removed.

  • lodore Posts: 4

    Ah, I see, fair enough.


    That mirror link doesn't seem to work either.


  • pianista47 Posts: 42
    Oh, I don't know... On my system the mirror and the archive work correctly...
  • Ben Posts: 2,641 F-Secure Product Expert

    Hello Pianista47,


    As you are using TP60, I moved your post to the Betas and technology Previews part of our community.

  • pianista47 Posts: 42

    Thanks Ben, I was not sure where this topic should be.


    Edited: URL removed.


  • Is it possible that the rootkit is already there even before installing DeepGuard? This might be rare, but is it possible?

This discussion has been closed.