Re: Removal and forensics of advanced rootkit employing Shadow Walker technology - help needed!!!
- From: "Karl Levinson" <levinson_k@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 15 Jul 2006 15:53:12 -0400
"Polanski24" <infodate@xxxxxxxx> wrote in message
news:1152977306.356950.33150@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> You're certain there's no chance the SVV could be incorrect? It doesn't
>> look like there are any guarantees made with that tool. You don't have a
>> similarly configured system you could run SVV against and compare the
>> results, do you?
> OMG
> If IDT (Interrupt Descriptor Table) entry No 14 is redirected to a memory
> area which has no module with executable code in it, the system should
> crash with a blue screen of death at the first page fault (even without that,
> since it will happen immediately after the memory manager starts running).
... assuming the results from the tool are accurate, hence my question.
What was the name of that file you submitted?
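As an added example (not code from the thread or from SVV), this is the kind of defender-side check the discussion above implies: decode a 32-bit x86 IDT gate descriptor, recover the handler address for vector 14 (#PF), and flag it if that address falls outside every loaded kernel module. The module list and all addresses are constructed for illustration, not taken from the poster's system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit x86 IDT gate descriptor as stored in memory: the 32-bit handler
 * offset is split across the first and last 16-bit fields (8 bytes total). */
typedef struct {
    uint16_t offset_low;
    uint16_t selector;
    uint8_t  zero;
    uint8_t  type_attr;   /* bit 7 = present, bits 0-3 = gate type */
    uint16_t offset_high;
} idt_gate32_t;

typedef struct { const char *name; uint32_t base; uint32_t size; } module_range_t;

/* Constructed (hypothetical) table of loaded kernel modules and their ranges. */
static const module_range_t modules[] = {
    { "ntoskrnl.exe", 0x804D7000u, 0x001F8000u },
    { "hal.dll",      0x806D0000u, 0x00020000u },
};

/* Reassemble the handler address from the split offset fields. */
uint32_t gate_offset(const idt_gate32_t *g) {
    return ((uint32_t)g->offset_high << 16) | g->offset_low;
}

/* Name of the module whose range contains addr, or NULL if no module does. */
const char *module_for_address(uint32_t addr) {
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++)
        if (addr >= modules[i].base && addr - modules[i].base < modules[i].size)
            return modules[i].name;
    return NULL;
}

/* A present gate whose handler lies in no known module is the case the
 * poster describes: it should not survive the first page fault. */
bool idt_entry_suspicious(const idt_gate32_t *g) {
    if ((g->type_attr & 0x80) == 0) return false;   /* gate not present */
    return module_for_address(gate_offset(g)) == NULL;
}

/* Build a 32-bit interrupt gate (type 0xE, DPL 0) for a constructed sample. */
idt_gate32_t make_gate(uint32_t handler, bool present) {
    idt_gate32_t g = { (uint16_t)(handler & 0xFFFF), 0x0008, 0,
                       (uint8_t)(0x0E | (present ? 0x80 : 0)),
                       (uint16_t)(handler >> 16) };
    return g;
}
```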