Posts Tagged ‘master boot record’

There is a new kid on the virus block, and a pretty nasty kid it is too. Named Rombertik, it is generally picked up from attachments on phishing emails (usually appearing to be a .PDF file in the case of this virus).

Maybe one of those emails you received claiming you have won a prize, claiming to be a message from Microsoft, or asking you to validate your bank details. (more…)

Trend Micro Rootkit Buster Beta 5.0 – a free tool to detect rootkits

Trend Micro has announced a new version of its free product Rootkit Buster. With this easy-to-use, reliable and high-performance tool, you can detect rootkits, malicious applications that carefully hide their tracks in the system. The main innovation in the new version, Rootkit Buster Beta 5.0, is the ability to detect potentially dangerous changes in the MBR (Master Boot Record).

Most existing rootkit detection tools are bulky, not particularly fast programs aimed at advanced users and professionals. Trend Micro Rootkit Buster, available for 32-bit and 64-bit versions of Windows, sets itself apart from many of its “brothers.” The application’s interface is extremely simple and straightforward. All available functions are grouped in a single window. The «Log» tab, as you might guess, provides access to the log, where you can find a detailed report on the scan results. The «Scan» tab lets you configure the scan settings and select which of the key areas of the system (Files or Master Boot Records, Services and Kernel Code Patches) to check. (more…)

Doctor Web

New Trojan

Doctor Web, a Russian IT security developer, reports the spread of a new Trojan, Trojan.GBPBoot.1, which has an interesting self-healing mechanism.

In terms of the malicious functions it implements, Trojan.GBPBoot.1 is relatively primitive malware: it can download various executable files from a remote server and run them on the infected computer, or run programs that are not stored directly on the victim’s computer. That is the extent of its malicious payload. However, this Trojan is interesting primarily because it can seriously resist attempts to remove it.

Trojan.GBPBoot.1 consists of several modules. The first of these modifies the master boot record (MBR) on the hard disk, and then writes the virus installer module, the module that automatically restores the Trojan, an archive containing the file explorer.exe, and a sector with configuration data to the end of the corresponding partition (outside the file system). It then places the virus installer in the system folder, runs it, and deletes its own file. (more…)