Benny, Ratter
29a [6]
March 2002
Well, how to start? In the past, there were many ideaz how to get rid off that new feature of Windows 2000 - The System File Protection. GriYo/29A was the first one who warned us and solved that problem very smartly. Using SfcIsFileProtected API that can tell us if the file is or is not protected by operating system. Viruses used this API and if file was protected, they simply did not infect it.