Search found 1 match
- Tue Feb 12, 2008 8:51 am
- Forum: madSecurity
- Topic: Rootkit using NtCreatekey then NTEnumeratekey, etc
- Replies: 3
- Views: 15644
Rootkit using NtCreatekey then NTEnumeratekey, etc
Hi, newbie here, be gentle.:~ I suspected I have a rootkit installed and found icesword by http://www.antirootkit.com/software/IceSword.htm. When I ran it I see in the system service descriptor window the Kmodule load paths are all from /Windows/System32, except one item. The item renames itself fro...