echo: nthelp
to: All
from: Gary Britt
date: 2006-01-12 08:13:24
subject: Re: Norton uses rootkit

From: "Gary Britt" 

ZtreeWin has always shown the Nprotect sub-directory under the Recycled
directory and the files in same.  That info wasn't all that helpful since
NProtect renamed all the files to names that don't mean anything, and kept
their real names in a database index of some kind.

I just checked and the Nprotect sub-directory no longer exists on my
laptop, but some of the Nprotect type file names are now in the Recycled
directory and visible sub-directories.  The Nprotect subdirectory was
hidden and may not have shown up in Windows file manager/explorer, but it
always showed up in ZtreeWin.

Just one more reason to keep using ZtreeWin for file management.  It shows
everything pretty much.  Maybe not a real rootkit.

Whatever technology they used to hide that subdirectory, it wasn't all that
sophisticated.  Looks like they just hid it from Windows Explorer.

Gary
"Geo"  wrote in message news:43c63802{at}w3.nls.net...
> http://www.eweek.com/article2/0,1895,1910077,00.asp
>
> Symantec Corp. has fessed up to using a rootkit-type feature in Norton
> SystemWorks that could provide the perfect hiding place for attackers to
> place malicious files on computers.
>
> The anti-virus vendor acknowledged that it was deliberately hiding a
> directory from Windows APIs as a feature to stop customers from
> accidentally deleting files but, prompted by warnings from security
> experts, the company shipped a SystemWorks update to eliminate the risk.
>
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
