http://forums.2kgames.com/forums/sho...?t=6615&page=8
What can I say: unfortunately, these days anyone who buys the original always loses out.

An excerpt from the post, in English:
Well, let's see. It creates a service, a binary in system32, a bunch of files buried in the depths of Documents and Settings and a registry key in an unusual place, none of which the average user is likely to find. Of those, the registry keys have embedded nulls which means that you do, in fact, require specialized software to remove them - neither regedit nor regedt32 are capable of manipulating them - and the files use both special attributes and filenames that explorer.exe can't handle to make them hard to detect and even harder to remove - although these, at least, you can take care of without special tools, if you know how to use attrib and rmdir.
So, let's see...installs silently and without user consent; remains installed even after the software it was associated with is gone, and indeed can be uninstalled only by hand; uses system and network resources to the user's detriment; doesn't hide itself as well as the BMG rootkit, but does make a half-assed attempt, and cannot be removed without special tools; and is designed around an escalation of privilege to ring 0 that, while not exploited by other blackhats yet, is probably exploitable.
If it's not a rootkit, it's doing a really impressive job of disguising itself as one.