Re: "w32/ovide.A" virus



From: "Larry Samuels" <larry@xxxxxxxx>

| Hi David,
|
| Do you trust a computer that has been rooted? Can you be *absolutely* sure
| you haven't missed something or that permissions haven't been changed?
|
| I have a great deal of respect for you and your work--I am just surprised
| that someone with your knowledge of security issues doesn't recommend
| flattening a rooted system.
|

Just because malware *may* use RootKit Technology does NOT mean that one must restart from
the POV of scratch. I'm not sure that this Proxy Trojan even uses RootKit technology. It
doesn't create NR Services, it doesn't inject in the Winlogon Notify, doesn't chain off
Userinit and Explorer, etc. Seems to me to be a simple Registry Run loaded Proxy Trojan.

Now I must ask, what write-up are you looking at and what specific information on
"w32/ovide.A" makes YOU come to that conclusion?

Troj/HideDl-A -- http://www.sophos.com/virusinfo/analyses/trojhidedla.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

