Home page logo

basics logo Security Basics mailing list archives

rootkit behavior
From: rainmann () sbcglobal net
Date: 26 Jul 2006 04:10:41 -0000

Can a rootkit hide on a seperate physical disk from the operating system? In other words, if WINNT is on c:\ can the 
rootkit live on physically seperate data drives e:\ and f:\?

I have a client who wants his c:\ drive reformatted and reloaded to insure that no rogue program remains.  I haven't 
been able to give him a definitive answer concerning his extensive data drives.

Also, does anyone know of any useful detection tools other than RootKit Revealer and Blacklight? I saw the post the 
other day about Helios but read that 1) it requires the .Net framework (ouch!) and 2) doesn't work for Win2K.

Any advice here would be greatly appreciated. 

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]