Win32.Ntldrbot Rustock.C, does avast! detect; is the team aware of it ...?

Well, I started reading about the Win32.Ntldrbot Rustock.C rootkit thingy, and now I’m a bit frightened.

More info:
http://www.virustotal.com/analisis/f3c4811ee9c7129dbabec54356805a62
http://info.drweb.com/show/3342/en
http://forum.sysinternals.com/forum_posts.asp?TID=14844
http://www.wilderssecurity.com/showthread.php?t=208386

I still don’t truly comprehend this piece of malware. Very evasive (high end of polymorphism) and almost impossible to detect and remove once it gets into the system.

A few things:
- How do I prevent infection?
- What does it do? Turns your PC into a bot (part of the botnet), but what info gets sent off?
- How do you tell if you’re infected?
- What is the avast! team doing about it?
- What are other security companies doing about it?

Can someone help me understand this piece of malware better? Anyone able to answer some of my questions?

Thanks very much guys. I really appreciate it :slight_smile: !!

EDIT-
06-06-08 Added a link to Dr.Web page, which was the first AV to detect the malware.

There is a topic about this: http://forum.avast.com/index.php?topic=35297.0

more stuff to read :slight_smile:

http://blog.threatexpert.com/2008/05/rustockc-unpacking-nested-doll.html
http://blog.threatexpert.com/2008/06/new-rustock-switches-to-hotmail.html
http://translate.google.com/translate?u=http%3A%2F%2Fwww.viruslist.com%2Fru%2Fanalysis%3Fpubid%3D204007614&hl=en&ie=UTF8&sl=ru&tl=en

So does Avast pick this thing up?

Get http://www.simplysup.com/ Trojan remover

That should find it

yes… the detection was added when the information about Rustock.c was confirmed by Dr. Web…

BTW the dropper has been around (and detected) for at least half a year now…

Thanks for the response.

I know Dr.Web Cureit! also detects it and that’s free just in case people want a second opinion.

Thanks… I was becoming worried…

Now the question is: Does it detect all variants?

Yes, that’s the question…