Malware modifying NTFS permisions
I have noticed a bunch of cases where malware modify NTFS file permissions to prevent deletion (by conventional methods.. I am not referring to booting from a BartPE CD or deleting files by adding the drive as a slave)..
A few names..
Trojan:Win32/Boaxxe.B (MS OneCare),
Definitely look like rootkit type infections..
Has anyone come across samples.. Looks like the DLLs use random file names..like..
Any insights on this would be helpful..