Quads: submitting files to Symantec

Hi Quads

 

I see you have been battling many rootkits lately, all of which seem to have similar properties and (for all I know) may be nearly the same! Seeing as you are dealing with them, I was wondering if you have any of these files to submit to Symantec? Obviously Norton is struggling to remove or detect these particular ones, and so I believe that it would be to the benefit of the community, if you have any, to submit them. :-)

 

*EVERYONE ELSE*

 

If you suspect you have one of the rootkits that Quads has been dealing with, try to make a concerted effort to submit the files, as I really think we need to get the protection against these nasties toughened up!!

Regards to all

 

 

Matt

 

[edit: changed title to better reflect the post.]

Message Edited by MikeLee on 06-12-2009 04:04 PM

Not only Norton, but other security programs too

 

Quads 


Quads wrote:

Not only Norton, but other security programs too

 

Quads 


True. This is not only a Norton party; all other security programs do struggle with the rootkits these days.

Sorry guys, I didn't mean to imply that it is only Norton, my bad :-) I just simply thought that it would be beneficial to the entire Norton community if we could try and get these rootkits to Symantec so that they could analyse them more thoroughly - maybe they'll even see a new way of defending against rootkits, seeing as these ones must use some new malicious tech to so efficiently avoid most AVs!! It would be great if they could incorporate something new and better against these types of threats into 2010!

 

Anyway, if anyone does have samples, plz submit them to Symantec!! If you don't know how, just ask!!

 

 

Oh, and I must say, along with quite a few people, it's fun watching Quads kill the rootkits!!

Matt

Sorry if I've stepped on any toes here, I am pretty naive when it comes to rootkits :-)

Cheers

 

 

 

Matt

What I think would help Norton to detect rootkits is intrusion prevention technology implemented into early load. The IP signatures already help analyze the behavior of the data going to and from our computers and the internet. At the moment early load only loads auto-protect early. Auto-protect works great; however, it is made to protect your computer mainly while it is turned on, not so much while it is starting up. Early load needs to know just what kinds of actions rootkits take to harm your computer so that it can more easily identify and stop them.