Posts Tagged ‘Trojan.GBPBoot.1’

Doctor Web

New Trojan

Doctor Web, a Russian IT security developer, reports the distribution of a new Trojan, Trojan.GBPBoot.1, which has an interesting self-healing mechanism.

In terms of the malicious functions it performs, Trojan.GBPBoot.1 is relatively primitive malware: it can download various executable files from a remote server and run them on the infected computer, or run programs that are not stored directly on the victim’s computer. That is the full extent of its malicious payload. However, this Trojan is interesting primarily because it can seriously resist attempts to remove it.

Trojan.GBPBoot.1 consists of several modules. The first of these modifies the master boot record (MBR) on the hard disk and then writes the following to the end of the relevant partition (outside the file system): the virus installer module, the module that automatically restores the Trojan, an archive with the file explorer.exe, and a sector with the configuration data. It then places the virus installer in the system folder, runs it, and deletes its own file.
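A defender-side check for the MBR modification described above, as an added example that is not from Doctor Web or the original post: it hashes the bootstrap-code area of a 512-byte MBR sector, compares it with a known-good baseline, and lists the partition entries. The function names and the sample sector are constructed for illustration; reading sector 0 from a real disk is left to the caller.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # bytes 0..439: bootstrap code
PART_TABLE_OFF = 446  # bytes 440..445 hold the per-disk signature, so skip them
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries of an MBR."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": start, "sectors": count})
    digest = hashlib.sha256(sector[:CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def check_mbr(sector: bytes, baseline_sha256: str) -> dict:
    """Flag an MBR whose bootstrap code differs from a known-good baseline hash."""
    info = parse_mbr(sector)
    info["boot_code_modified"] = info["boot_code_sha256"] != baseline_sha256
    return info


def build_sample_mbr(boot_code: bytes, disk_sig: bytes = b"\x12\x34\x56\x78") -> bytes:
    """Constructed sample sector with one active NTFS partition (type 0x07)."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    head = boot_code.ljust(CODE_LEN, b"\x00") + disk_sig + b"\x00\x00"
    return head + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")     # constructed "known-good" code
    baseline = parse_mbr(clean)["boot_code_sha256"]
    altered = build_sample_mbr(b"\xeb\x3c\x90")   # constructed altered code
    for name, sector in (("clean", clean), ("altered", altered)):
        result = check_mbr(sector, baseline)
        print(name, "modified" if result["boot_code_modified"] else "ok", result["partitions"])
```

The baseline hash has to come from a trusted copy of the sector, taken offline or from a clean installation of the same boot loader.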