Mebroot virus

Posted by Sebring on January 15, 2008, 12:06 am

I just read an article about the Mebroot virus, which buries itself in the
Master Boot Record and cannot be detected by most virus protection software.
This nasty bug gives hackers access to info from financial sites that are
visited. A program from GMER supposedly can detect and remove this threat,
and a link was included to download it.

I don't know which is scarier - the virus or the download. Does anyone have
any knowledge of this?

Posted by PA Bear [MS MVP] on January 15, 2008, 4:04 am
cf.
http://blogs.technet.com/antimalware/archive/2008/01/10/mbr-rootkit-virtool-winnt-sinowal-a-report.aspx
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Sebring wrote:
> I just read an article about the Mebroot virus, which buries itself in the
> Master Boot Record and cannot be detected by most virus protection software.
> This nasty bug gives hackers access to info from financial sites that are
> visited. A program from GMER supposedly can detect and remove this threat,
> and a link was included to download it.
>
> I don't know which is scarier - the virus or the download. Does anyone have
> any knowledge of this?


Posted by David H. Lipman on January 15, 2008, 4:42 pm

|
| I just read an article about the Mebroot virus, which buries itself in the
| Master Boot Record and cannot be detected by most virus protection software.
| This nasty bug gives hackers access to info from financial sites that are
| visited. A program from GMER supposedly can detect and remove this threat,
| and a link was included to download it.
|
| I don't know which is scarier - the virus or the download. Does anyone have
| any knowledge of this?

Yes.
To start with it is NOT a virus, it is a Trojan.
Viruses self replicate. This Trojan does not self replicate and thus is NOT a
virus.

This is a MBR modifying Trojan that uses RootKit techniques.

McAfee -- StealthMBR, StealthMBR!rootkit
Sophos -- Troj/Mbroot-A
Symantec -- Mebroot
TrendMicro -- TROJ_SINOWAL.AD

Gmer is a respectable member of the anti malware community and produces one of
the *best* anti rootkit utilities under the same name, Gmer.

A Trojan like this is indeed scary.
Asking about Gmer is good and I can assure you of the respectability of this
utility and its author.

As time passes, and samples of Mebroot are supplied to anti malware/virus
companies/producers, more and more applications/utilities will have signatures
for this Trojan.

What is *most* important is keeping the OS and applications on your PC properly
patched to prevent exploitation of vulnerabilities that may be used to
maliciously install this Trojan.

One excellent way to check the status of vulnerability patching level is to use
the Secunia Software Inspector.
http://secunia.com/software_inspector

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


