On 11/11/05, Phil Daley <[EMAIL PROTECTED]> wrote:
> At 11/10/2005 08:43 PM, David W. Fenton wrote:
>
>> One of the things it does is hook into low-level file I/O subroutines
>> to hide its own files and its own activities. This is accomplished by
>> hiding every file/directory that begins with $sys$ (or a similar such
>> pattern -- I could be misremembering the exact prefix).
>
> That's exactly the correct prefix.

In fact, I know of a guy who put a file called "$sys$_canary" on his desktop, so that he'll know if he ever gets this rootkit because the file will disappear (like the canaries used by miners).

While humorous, I think it's kind of silly... just don't ever click "OK" to Sony's EULA, or hold Shift when inserting one of their CDs so that AutoRun won't kick in. As previously mentioned, you can disable AutoRun altogether, but that seems a bit extreme to me.

--
Brad Beyenhof
Real-time Finale discussion: http://www.finaleirc.com
my blog: http://augmentedfourth.blogspot.com
Silence will save me from being wrong (and foolish), but it will also deprive me of the possibility of being right. ~ Igor Stravinsky

_______________________________________________
Finale mailing list
[email protected]
http://lists.shsu.edu/mailman/listinfo/finale
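
The canary trick from the message above, automated as an added example that is not part of the original post: it creates the `$sys$_canary` file and checks whether a directory listing still shows it. The control file, the `lister` parameter and `hiding_lister` (a constructed simulation of prefix-based hiding) are assumptions made for illustration.

```python
import os
import tempfile

CANARY_NAME = "$sys$_canary"     # file name from the post above
CONTROL_NAME = "canary_control"  # assumed control file without the hidden prefix


def hiding_lister(path):
    """Constructed stand-in for a hooked listing: drops names starting with $sys$."""
    return [n for n in os.listdir(path) if not n.startswith("$sys$")]


def check_canary(directory, lister=os.listdir):
    """Return 'visible', 'hidden' or 'inconclusive' for the canary in directory."""
    for name in (CANARY_NAME, CONTROL_NAME):
        # Append mode creates the file if needed and never truncates it.
        with open(os.path.join(directory, name), "a"):
            pass
    names = set(lister(directory))
    if CONTROL_NAME not in names:
        # Even the ordinary file is missing, so the listing proves nothing.
        return "inconclusive"
    return "visible" if CANARY_NAME in names else "hidden"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print("normal listing:  ", check_canary(d))
        print("filtered listing:", check_canary(d, hiding_lister))
```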
