Damn, that post belongs in another thread.

I wanted to post this here:

http://www.ngssoftware.com/research/...CI_Rootkit.pdf

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:uHA7lPJOJHA.2100@TK2MSFTNGP05.phx.gbl...
>I guess zeroes are good enough for stopping a process from
> accessing the data, but this leaves you open to forensic probes.
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...
>> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
>> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>>>I was in Beijing, and I used my Windows PC there with a freeware firewall
>>> and freeware anti virus and freeware malware scanners.
>>
>> Usually, depending on which ones you have, these are adequate
>> safeguards. A couple of anti-spyware applications could also be
>> added to round things out.
>>
>>> Recently a friend said nearly all American travelers were to be warned by
>>> the State Department that their laptops, if left in the hotel, were almost
>>> certainly compromised.
>>
>> Physical access to the machine trumps all!
>>
>>> How could I tell if a keylogger or other spyware was inserted onto my
>>> laptop by the Chinese?
>>
>> Scan for everything under the sun from a *clean* environment.
>> Booting from a known clean boot cd should thwart *most*
>> malware from interfering with the scanning.
>>
>> Follow the advice of PA Bear as well. If I am not mistaken, the
>> HijackThis program has to be run from the tainted environment
>> in order to get at the registry data it needs to scan.
>>

>
>