Mebroot virus

Sebring

I just read an article about the Mebroot virus, which buries itself in the
Master Boot Record and cannot be detected by most virus protection software.
This nasty bug gives hackers access to info from financial sites that are
visited. A program from GMER supposedly can detect and remove this threat,
and a link was included to download it.

I don't know which is scarier - the virus or the download. Does anyone have
any knowledge of this?
 
PA Bear [MS MVP]

cf.
http://blogs.technet.com/antimalwar...r-rootkit-virtool-winnt-sinowal-a-report.aspx
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Sebring wrote:
> I just read an article about the Mebroot virus, which buries itself in the
> Master Boot Record and cannot be detected by most virus protection software.
> This nasty bug gives hackers access to info from financial sites that are
> visited. A program from GMER supposedly can detect and remove this threat,
> and a link was included to download it.
>
> I don't know which is scarier - the virus or the download. Does anyone have
> any knowledge of this?
 
David H. Lipman

From: "Sebring" <Sebring@discussions.microsoft.com>

|
| I just read an article about the Mebroot virus, which buries itself in the
| Master Boot Record and cannot be detected by most virus protection software.
| This nasty bug gives hackers access to info from financial sites that are
| visited. A program from GMER supposedly can detect and remove this threat,
| and a link was included to download it.
|
| I don't know which is scarier - the virus or the download. Does anyone have
| any knowledge of this?

Yes.
To start with it is NOT a virus, it is a Trojan.
Viruses self replicate. This Trojan does not self replicate and thus is NOT a virus.

This is an MBR modifying Trojan that uses RootKit techniques.

McAfee -- StealthMBR, StealthMBR!rootkit
Sophos -- Troj/Mbroot-A
Symantec -- Mebroot
TrendMicro -- TROJ_SINOWAL.AD

Gmer is a respectable member of the anti malware community and produces one of the *best*
anti rootkit utilities under the same name, Gmer.

A Trojan like this is indeed scary.
Asking about Gmer is good and I can assure you of the respectability of this utility and
its author.

As time passes, and samples of Mebroot are supplied to anti malware/virus companies/producers,
more and more applications/utilities will have signatures for this Trojan.

What is *most* important is keeping the OS and applications on your PC properly patched to
prevent exploitation of vulnerabilities that may be used to maliciously install this Trojan.

One excellent way to check the status of vulnerability patching level is to use the Secunia
Software Inspector.
http://secunia.com/software_inspector

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 