Re: RootKit Revealer Tool
From: Alex Nichol (alexn.mvpdts_at_ntlworld.delete.com)
Date: 02/25/05
- Next message: dinodod_at_gmail.com: "Default Profile in XP w/o sysprep"
- Previous message: Alex Nichol: "Re: Format not an option for D:"
- In reply to: R. McCarty: "Re: RootKit Revealer Tool"
- Next in thread: Howard Harris: "Re: RootKit Revealer Tool"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 25 Feb 2005 15:52:31 +0000
R. McCarty wrote:
> Yes, it's a little on the cryptic side. What I don't understand is how
> RootKits can get past Windows File Protection. I would assume it
> doesn't change the identifier that WFP monitors.
Rootkits refers to auxiliary data stored *alongside* a file in NTFS. It
does not relate to the actual file itself, which is all WFP is
interested in. Separate matters.
-- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. Alexn@mvps.D8E8L.org (remove the D8 bit)