sk / GroundZero wrote:
>
> We found what seems to be an unknown rootkit on a
> customer system which was Windows 2000 SP4.
> It is a kernel resident infector as it installs itself as
> a hidden device driver operating in kernel level to hide
> its directories and programs as well as network connections.
> For our research we named it Win32/McSport-A.

The family name of your rootkit trojan is "Apropos". It seems to belong
to the Adware/Spyware category.

> More detailed information as well as removal instructions
> can be found here: http://www.groundzero-security.com/mcsport.html

Description of other Apropos variants:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.c.html
http://vil.nai.com/vil/content/v_134133.htm

Regards,
Axel Pettinger
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
