on one of computers I installed NIS 19.1.0.28, computer have no internet connection, so i can not to update it, as i know I only can update virus definitions file (and that is all???)

( http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95 )

on that machine I have undetectable rootkit, detected by GMER (high-lighted red with "hidden service" and close to "svchost.exe -netsvc" process) exactly this process in %windir%/system32 is Norton trusted.

HitmanPro displays a note that somethat have direct access to HDD and usually it is a threat.

probably it is not new rootkit (connection between computers are only by local network and usb sticks and CD/DVD discs)

Rootkit is detected by that software while non updated (only virus definitions) are running.

Do Symantec need this sample? What to do to catch it on that machine to transfer it to you with tracking number in further?

From Team: offer of instruments and tactic of sample catching, from me  - submitted sample offer.

---

WinXP SP:unknown probably 2, 32 bit