Author Topic: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...? (Read 4817 times)

Happy-Dude · « **on:** June 07, 2008, 01:41:19 AM »

Well, I started reading about the Win32.Ntldrbot Rustock.C rootkit thinggy, and now I'm a bit frightened.

More info:
http://www.virustotal.com/analisis/f3c4811ee9c7129dbabec54356805a62
http://info.drweb.com/show/3342/en
http://forum.sysinternals.com/forum_posts.asp?TID=14844
http://www.wilderssecurity.com/showthread.php?t=208386

I still don't truly comprehend this piece of malware. Very evasive (high end of polymorphism) and almost impossible to detect and remove once it gets into the system.

A few things:
-How do I prevent infection?
-What does it do? Turns your PC into a bot (part of the botnet), but what info gets sent off?
-How do you tell if you're infected?
-What is the avast! team doing about it ?
-What are other security companies doing about it ?

Can someone help me understand this piece of malware better? Anyone able to answer some of my questions?

Thanks very much guys. I really appreciate it

!!

EDIT-
06-06-08 Added a link to Dr.Web page, which was the first AV to detect the malware.

Dwarden · « **Reply #1 on:** June 08, 2008, 09:26:12 PM »

there are is topic about this http://forum.avast.com/index.php?topic=35297.0

more stuff to read

http://blog.threatexpert.com/2008/05/rustockc-unpacking-nested-doll.html
http://blog.threatexpert.com/2008/06/new-rustock-switches-to-hotmail.html
http://translate.google.com/translate?u=http%3A%2F%2Fwww.viruslist.com%2Fru%2Fanalysis%3Fpubid%3D204007614&hl=en&ie=UTF8&sl=ru&tl=en

street_lethal · « **Reply #2 on:** June 10, 2008, 12:11:36 AM »

So does Avast pick this thing up?

PaulAuckNZ · « **Reply #3 on:** June 10, 2008, 05:34:56 AM »

Get http://www.simplysup.com/ Trojan remover

That should find it

Maxx_original · « **Reply #4 on:** June 10, 2008, 08:41:56 AM »

Quote from: street_lethal on June 10, 2008, 12:11:36 AM

So does Avast pick this thing up?

yes... the detection was added when the information about Rustock.c was confirmed by Dr. Web..

Vlk · « **Reply #5 on:** June 10, 2008, 06:45:42 PM »

BTW the droper has been around (and detected) for at least half a year now...

street_lethal · « **Reply #6 on:** June 10, 2008, 11:34:45 PM »

Thanks for the response.

I know Dr.Web Cureit! also detects it and that's free just in case people want a second opinion.

Lisandro · « **Reply #7 on:** June 10, 2008, 11:48:48 PM »

Quote from: Vlk on June 10, 2008, 06:45:42 PM

BTW the droper has been around (and detected) for at least half a year now...

Thanks... I was becoming worried...

calcu007 · « **Reply #8 on:** June 11, 2008, 01:13:32 AM »

Now the question is:Does it detect all variants?

Lisandro · « **Reply #9 on:** June 11, 2008, 01:33:54 AM »

Quote from: calcu007 on June 11, 2008, 01:13:32 AM

Now the question is:Does it detect all variants?

Yes, that's the question...

Author Topic: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...? (Read 4817 times)

Happy-Dude

Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Dwarden

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

street_lethal

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

PaulAuckNZ

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Maxx_original

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Vlk

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

street_lethal

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Lisandro

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

calcu007

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Lisandro

Re: Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?