But previously I thought that devices like CFP* belong to the AVG driver avgtdi.sys, AVG Network Connection Watcher (by Googling, of course, because I don't have this AVG driver).
rkhunter wrote: At least for me, Matrosov's post looks nice. He also said that HiddenFsReader was updated for dump files of this rootkit version.
kmd wrote: His post is full of self-arrogance, misses details and contains simple lame stuff like the unpacking and TDI driver research mentioned there. I think that most of the good research at ESET was done by Eugene Rodionov, if I'm not missing something ;)
kmd wrote: Of course we all have our own opinion... but is it a correct point of view that one should "not write anything at all"? Of course we all can discuss any paper or something else, but this seems like criticism. If you can do something better, let's do it, no?
rkhunter wrote: At least for me, Matrosov's post looks nice. He also said that HiddenFsReader was updated for dump files of this rootkit version.
His post is full of self-arrogance, misses details and contains simple lame stuff like the unpacking and TDI driver research mentioned there. Is it good? Nope, I don't buy this. HiddenFsReader? Dump the TDLFS container and RC4 it with the key from the boot record. Aside from this, he clearly copy-pasted most of the info from there. Let's say: would he have posted this without the discussion here? No. Just like in the old times the idiot from Prevx copy-pasted the whole thread about TDL4 in his blog post.
rkhunter wrote: At least for me, Matrosov's post looks nice.
Agreed.
EP_X0FF wrote: So maybe Mr. Matrosov will register here and post something? :) Enough lurking around. Even for corporate business it looks strange.
What looks strange?