Troj/Agent-REQ, TrojanClicker
http://blog.eset.com/2011/04/15/kb25060 ... dl4-on-x64
Although the patch helps with this particular case it doesn’t solve the problem in general. There are other ways of penetrating into kernel-mode address space on x64 operating systems, for instance, as in the case of the Chinese bootkit which is detected as NSIS/TrojanClicker.Agent.BJ (VirusTotal). This uses quite a different approach to load its unsigned driver.
http://www.tongjimba.com/antivirus/howt ... _5888.html
http://www.virustotal.com/file-scan/rep ... 1302866399
MD5 : 2c6a26d16499a6c34828b5d9f30e1baf
SHA1 : 6c914f1111c739e1981aacb4df08821396e5bb3e
SHA256: bc3ef8a3b36a98ffb0365d449ab63e7571a1b5790af44a22bf012c29a14abb3a