@xms It wouldn't work though, as there's only specific places a SLIC can go; you have to understand the table structures and sizes. The encryption is already in full effect, and where the original GRLDR appears to have been targeted on a few users' systems, the encrypted/random version appears to still be fully working. As I said previously, myself and zsmin have already tried SLIC detection and you can't pin the SLIC back down to the file. The other thing is that you can't tell the difference between an emulated SLIC or a real SLIC via software; the placement of where a SLIC should be is sometimes perfect. So with such poor results across different hardware MS can't target systems that way, and that's just not me telling people that, zsmin could confirm it too.

If you look at what people are doing with the "loader detection" scripts, they actually do not prove that there's a loader installed. They look for a file called "GRLDR", which is perfectly legal and may not even contain anything to do with SLIC loading. Take a peek into that file and then you could find all sorts of stuff to flag it as a 100% sure "this is a SLIC loader". Now take a peek at the encrypted one and it's a whole different story: unless you know the decryption and lengths of what's encrypted you're screwed and can't prove 100% that it loads a SLIC.

I believe AV companies flag polymorphic type boot viruses as it's just that -- it's a virus. An AV company is not concerned about SLIC loading, that's MS's problem; as long as the file is not spreading stuff on the system or doing anything bad the GRLDR will continue to work, both the encrypted and standard versions.

So do I think it's unbeatable? No. But do I think MS will bother doing anything about it? No. Why? Because they have to get it accurate; there's no room for error when you put out software that could nuke people's legally owned Windows OS.
And then even if MS do do anything, there's always the backup plan and workaround posted the same day things go bad. So I'm not saying it's unbeatable, I'm saying it's harder to detect when compared to the standard. Plus I think too many people worry about it; even if it went bad for whatever reason you would have lots of time to install a new crack/loader of some sort, that I guarantee.

It's conversations like this that I try to remind people we should not really debate, as that can lead to people wanting to try to prove a point and giving information away that MS may not even be aware of. In all I'm thinking about the safety of the public, the guys and girls who use this software and depend on it. If I start talking about encryption and decryption I'm just putting people at risk, and it's not just me who puts them at risk but it's the people that keep bringing the subject up.