Computer security


#1

Malware is advancing beyond a normal user’s ability to cope with it.

Looks like everyone better learn how to wipe their drives clean and start over if trojans like this become the norm.

http://www.symantec.com/enterprise/security_response/weblog/2008/02/the_flow_of_mbr_rootkit_trojan.html

Fascinating reading.


#2

Thanks. Was really interesting reading. Seems


#3

Stupid virus.

http://www.updatexp.com/mebroot.html

Mebroot cannot be removed while an operating system is running. However, running the “fixmbr” command from within the Windows Recovery Console successfully removes the malicious MBR entry.

So, do a FDISK /MBR from your floppy boot disk or a fixmbr from your Windows XP setup CD and it’s gone. No need to wipe your entire drive.

Or download GMER. Use with caution.


#4

The trojan keeps a backup copy on the hard drive for reinstallation.

The standard advice I have been seeing from professional security experts is that if the computer is used for sensitive or financial applications, a complete reformat is absolutely necessary, as no team of experts can guarantee it’s fixed or clean.

Any computer compromised by a rootkit trojan

Using your advice makes them liable.


#5

A reformat won’t reset the MBR though…


#6

Agreed.
You have to wipe the boot sectors.

This sort of thing makes backing up to DVD look very reliable.
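
Why a reformat leaves the MBR alone, as posts #5 and #6 point out, shown as an added example that is not from any poster in the thread: it parses a 512-byte MBR, checks whether any partition covers sector 0, and compares the boot-code hash against a baseline. The sample sectors are constructed and the function names are this example's own.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # 0..439 boot code, 440..445 disk signature, 446..509 partition table

def parse_mbr(sector: bytes) -> dict:
    """Parse a classic (non-GPT) MBR sector into a boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means an unused slot
            parts.append({"bootable": entry[0] == 0x80, "type": entry[4],
                          "first_lba": first_lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def format_touches_mbr(mbr: dict) -> bool:
    """A format rewrites sectors inside a partition, so sector 0 is only
    affected if some partition actually starts at LBA 0."""
    return any(p["first_lba"] == 0 for p in mbr["partitions"])

def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """Compare boot code against a baseline captured while the disk was known good."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    return boot_code.ljust(446, b"\x00") + entry + b"\x00" * 48 + b"\x55\xaa"

# Constructed byte strings standing in for a known-good and an altered boot sector.
CLEAN = build_sample(b"\x33\xc0\x8e\xd0" + b"\x90" * 100)
MODIFIED = build_sample(b"\xeb\x00" + b"\x90" * 100)

if __name__ == "__main__":
    info = parse_mbr(MODIFIED)
    print("partitions:", info["partitions"])
    print("format would rewrite sector 0:", format_touches_mbr(info))
    print("boot code differs from baseline:", boot_code_changed(CLEAN, MODIFIED))
```

For a real disk, both the baseline and the current sector should be read after booting from trusted media, for the same reason the thread's removal advice uses the Recovery Console.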