tag:blogger.com,1999:blog-9518042.post115014766607649659..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: Malware update: Rootkit that uses NTFS ADSUnknownnoreply@blogger.comBlogger4125tag:blogger.com,1999:blog-9518042.post-1152175621935360512006-07-06T03:47:00.000-05:002006-07-06T03:47:00.000-05:00Take a look to:• pe386• msguard• lzx32JohnTake a look to:<BR/>• pe386<BR/>• msguard<BR/>• lzx32<BR/><BR/>JohnAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-9518042.post-1150961731220022372006-06-22T02:35:00.000-05:002006-06-22T02:35:00.000-05:00See also ...http://www.f-secure.com/weblog/archive...See also ...<BR/>http://www.f-secure.com/weblog/archives/archive-062006.html#00000907<BR/><BR/>AxelAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-9518042.post-1150631097466069792006-06-18T06:44:00.000-05:002006-06-18T06:44:00.000-05:00EF,I took a look at some of the stuff posted...not...EF,<BR/><BR/>I took a look at some of the stuff posted...not sure I see how this one is "really advanced"...but I could be missing something. <BR/><BR/>Care to elaborate?<BR/><BR/>Thanks.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-1150567937850330112006-06-17T13:12:00.000-05:002006-06-17T13:12:00.000-05:00Try to google "System32:18467"This new RK is reall...Try to google "System32:18467"<BR/>This new RK is really advanced...not only for the NTFS streams<BR/><BR/>EFAnonymousnoreply@blogger.com