But previously I thought that devices like a CFP* belong to AVG driver - avgtdi.sys, AVG Network connection watcher (by Googling of course, because I haven't this AVG driver).
A forum for reverse engineering, OS internals and malware analysis
At least for me, Matrosov post looks nice. He also told that HiddenFsReader was updated for dump files of this rootkit version.
rkhunter wrote:At least for me, Matrosov post looks nice. He also told that HiddenFsReader was updated for dump files of this rootkit version.
his post full of self arrogance, misses details and contains simple lame stuff like mentioned there unpacking and tdi driver research. is it good? nope i do not buy this. hiddenfsreader? dump tdlfs container and rc4 it with key from boot record. aside from this he clearly copypasted most of info from there. lets say - would he post this without discussion here? no. just like in old times idiot from prevx copypasted whole thread about tdl4 in his blogpost.
kmd wrote:his post full of self arrogance, misses details and contains simple lame stuff like mentioned there unpacking and tdi driver research.I think that most of the good researches in ESET were done by Eugene Rodionov.If i'm not missing something ;)
WBR
SWW
-->Virii Cthulhu has you<--
SWW
-->Virii Cthulhu has you<--
kmd wrote:Of course all we have an our opinion...but is it correct point of view that "don't write anything at all"? Of course all we can to discuss any paper or something else, but seems this is criticism. If you can do something better, let's do, nope?rkhunter wrote:At least for me, Matrosov post looks nice. He also told that HiddenFsReader was updated for dump files of this rootkit version.
his post full of self arrogance, misses details and contains simple lame stuff like mentioned there unpacking and tdi driver research. is it good? nope i do not buy this. hiddenfsreader? dump tdlfs container and rc4 it with key from boot record. aside from this he clearly copypasted most of info from there. lets say - would he post this without discussion here? no. just like in old times idiot from prevx copypasted whole thread about tdl4 in his blogpost.
rkhunter wrote:At least for me, Matrosov post looks nice.Agreed.
Even though I don't understand what I'm looking at, I thought the comparisons between old version and new version with screenshots should be helpful to anyone wanting to get better understanding. He had at least 3 sets of these which was nice IMO.
So maybe mr. Matrosov will register there and post something? :) Enough lurking around. Even for corporate bussiness it's looking strange.
Ring0 - the source of inspiration
EP_X0FF wrote:So maybe mr. Matrosov will register there and post something? :) Enough lurking around. Even for corporate bussiness it's looking strange.What's looking strange?
Lurking around and doing self-PR on others work of course.
Ring0 - the source of inspiration
...it looks like normal PR, not endless PR on Stuxnet and endless stories about weapons.