[EP_X0FF]

2- Can it bypass VM?

What does the following mean?

[shaheen]

I mean: Can it bypass a Windows Virtual Machine to infect the windows host OS?

Thanks

[EP_X0FF]

1- Which anti-rootkit applications can detect this currently?

All. I mean antirootkits, not BSOD-generators or students works.

I mean: Can it bypass a Windows Virtual Machine to infect the windows host OS?

No.

Before asking any questions about this or any other particular rootkit it's better read first technical details which are widely available in internet, including even this thread.

[shaheen]

Thank, actually I was just remembering to read something about this issue but I don,t remember where exactly I read that so I aksed. So I was mistaken I think.

Thanks

[PX5]

This one is a bit more intense, lots of thought put into self preservation and is really a classic POS to remove without the pc in front of you.

I watched a *.nls file reinstall the whole infection after I THOUGHT i had cleaned it. :roll:

[SUPERIOR]

guys i dont know if this mentioned before or not that matters but i noticed that this rootkit trying to install this rogue "InstallAntivirus2010.exe"

[Alex]

Prevx's analysis of ZeroAccess rootkit - ZeroAccess, an advanced kernel mode rootkit.

[cjbi]

Interesting blog post from Kaspersky Labs

English(Google Translate): MAX++ - an attack on x64
Russian: MAX++ - атака на x64

[Blitskrieg]

English version of blogpost - http://www.securelist.com/en/blog/493/M ... _platforms

[Flopik]

Seem like they are ready for x64
http://www.securelist.com/en/blog/493/M ... _platforms
http://threatpost.com/en_us/blogs/zeroa ... um=twitter