On 1 Apr 2010 at 6:09, David Lum wrote: > This is an interesting one, it comes through as a print processor and gets > called by spoolsv,eve: > http://www.surfright.nl/en/home/press/tdl3-rootkit-still-large-issue-for-ant > i-virus-programs We had a machine hit with it but I can´t tell if McAfee > should have caught it or not - we don´t have McAfee locking the machines > down very hard but reading the article I don´t know if it would have even > caught it.
Long discussion (currently 69 pages, but locked) on this here: Rootkit TDL 3 - Sysinternals Forums - Page 1 http://forum.sysinternals.com/rootkit-tdl-3_topic21266.html Aside: Google "Not In Kansas: learn about our new name." http://www.google.com/ -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~