How to disable WFP using physical disk information

By: Ha Young Yang

Recently, a threat has appeared which obtains a file’s physical disk location information with the aid of the Windows system APIs, then proceeds to infect the corresponding system file. Ha Young Yang describes exactly how physical disk information is being used to disable Windows file protection.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

PDF

Please register to download the PDF

Comment

Malware vs. anti-malware: (how) can we still survive?

News

Malware prevalence report

December 2007

Virus analyses

Crimea river
How to disable WFP using physical disk information

Feature

Assessment war: Windows services

Call for papers

VB2008 Ottawa

VB100 comparative review

VB comparative review: Windows Server 2003

Calendar

Anti-malware industry events

Spam Bulletin

Predictions about the prediction scam

See also

Poll

Should anti-virus software be free for personal use?

Leave a comment
View 18 comments

Jobs Career Sidebar

Virus Bulletin

In this month's magazine:

Co-operation is the only way
XXX racted
Your filters are bypassed: Rustock.C in the kernel
Family matters
The Ottawa rules
DriveSentry Desktop 3.1/3.2 & GoAnywhere 1.0.2/2.0
The problem of backscatter – part 3

Virus Bulletin 10 2008

Virus Bulletin currently has 142,964 registered users.