Does anyone know if Altiris overwrites the boot sector?

[James Moore <jhmiso () RIT EDU>]

We had a system detected with mebroot/torpig just before an Altiris refresh.  The group using Altiris thinks that 
Altiris overwrites the whole disk.  Anyone know for sure?

Jim
- - - -
Jim Moore, CISSP, IAM
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)


If you consciously try to thwart opponents, you are already late.  Miyamoto Musashi, Japanese philosopher/samurai, 1645


Risk comes from not knowing what you're doing. -Warren Buffet

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity 
to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any 
copies of this information