
Backdoor.Rustock.B


I'd really like a copy of Backdoor.Rustock.B.

Anyone have it?

Thanks

V.

Rustock/Mailbot/pe386 rootkit request

Same here. F-Secure has an interesting write-up and GMER has a video of it. I can't find anyone making it available though.

http://www.f-secure.com/v-descs/mailbot_az.shtml

http://www.gmer.net/pe386.wmv

Might have it if I can find it...

Looking at F-Secure's description they've detected it since May. I'm almost certain I had a malware around then that dropped that driver name but can't find it - what is the method used to spread it? Anyone got an exe name or email details etc? (can't find it anywhere)

Adam Piggott, Proprietor, Proactive Services (Computing)
Professional, friendly computer support
http://www.proactiveservices.co.uk/

Good luck. As far as I know

Good luck. As far as I know it doesn't actually have any visible files attached to it, just registry entries and data streams. It's the most hidden virus I have ever seen.

Rustock B

Added Rustock B sample :)

MD5SUM: eaa4a3ae6f0512fa4ee9169a86684dda

Thanks

Appreciate the sample. Run across others, but then you will find the authors of this malware intruder are constantly modifying it. I must say, clever design though, somewhere along the lines of the old CoolWebSearch hidden appints_key thingy that not only kept it restarting but morphed itself each new reboot. Now that was a chase, to say the least.

Regards