I sent (just for fun and testing) these rootkits to CA (eTrust): Vanquish, He4Hook and FU. I have more rootkits than these 3 and I will send them one of these days too (if I find the time).

They added detection for them asap.

I got almost 10 emails from their automated response mailer about every signature they included, lol :) It seems they included the EXEs in their updates.

I’m willing to send them to AVAST also, but they don’t seem to be really interested :( looking at the replies on this thread. These rootkits are VERY easy to find anyway…so…

Here’s a little copy & paste from my Hotmail inbox:

Dear Waldo Van Laeken,

This is to notify you of the results of your submission, issue number
274911.

With regards to the file “vanquish.exe” submitted by you on 26 Jan
21:33:18 (Australian Eastern Standard Time), we have added cure
instructions for Win32.Vanquish.01 to the signature files for the VET
engine.

The Windows Portable Executable file “vanquish.exe” has been determined
to be malicious. Our researchers have analysed the file and confirmed
the result.


Waldo,

The files you have sent us have been confirmed to contain various new
infections. Detection for the infected files will be provided in a future
signature update. We will email you again when the updates files are ready.

Regards,
eTrust AV Research and Response Group
Computer Associates International, Inc.


FILE                                                         CONCLUSION

undetected rootkits.zip                                      clean

\Bureaublad\FU_Rootkit.zip                                   clean
\Sys\MAKEFILE                                                confirmed clean
\EXE\fu.exe                                                  malware
\EXE\msdirectx.sys                                           malware
\He4HookInv\DevStudio\bin\win2k\i386\Free\He4HookInv.sys     confirmed malware
\He4HookInv\DevStudio\bin\winnt\i386\Free\He4HookInv.sys     confirmed malware
\He4HookInv\Win32\He4HookControl\He4HookControl.dsp          confirmed clean
\He4HookInv\Win32\He4HookControl\He4HookControl.dsw          confirmed clean
\He4HookInv\Win32\He4HookControl\main.cpp                    confirmed clean
\He4HookInv\Win32\He4HookControl\Release\He4HookControl.exe  confirmed malware
\NtDllTest\NtProcessList.cpp                                 confirmed clean
\NtDllTest\NtProcessList.h                                   confirmed clean

\Bureaublad\vanquish-0.1-b9.zip                              clean
ReadMe.txt                                                   confirmed clean
setup.cmd                                                    confirmed malware
vanquish.dll                                                 confirmed malware
vanquish.exe                                                 confirmed malware

\Bureaublad\FU_Rootkit.zip                                   clean
\Sys\MAKEFILE                                                confirmed clean
\EXE\fu.exe                                                  malware
\EXE\msdirectx.sys                                           malware
\He4HookInv\DevStudio\bin\win2k\i386\Free\He4HookInv.sys     confirmed malware
\He4HookInv\DevStudio\bin\winnt\i386\Free\He4HookInv.sys     confirmed malware
\He4HookInv\DevStudio\win2k\He4HookInv.dsp                   confirmed clean