January 14, 2008, 7:36 pm
I found out from Chip about Trojan.Mebroot.
Symantec says:
When the Trojan is executed, it creates the following mutex so that only one instance of it is running on the compromised computer at any time:
Global\7BC8413E-DEF5-4BF6-9530-9EAD7F45338B
It then reads the Master Boot Record (MBR) and then scans the partition table to find the active boot partition of the computer.
The Trojan infects the MBR, copying the original MBR to sector 62 on the hard disk.
It then installs its own kernel loader to sectors 60 and 61 of the hard disk.
Next, it copies a rootkit driver near the end of the active boot partition. The Trojan overwrites around 1149 sectors (467 KB) when copying the driver.
Next, the Trojan creates a .dll file in the current folder where it is executed and then runs the following command:
regsvr32 /s [TROJAN FILE NAME].dll
and that:
Systems Affected: Windows XP, Windows Vista, Windows Server 2003, Windows 2000
Logically, if you have LILO or GRUB in the MBR, even though you also have Windows, you couldn't care less, right?
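The sector layout in the Symantec text (loader in sectors 60 and 61, original MBR copied to sector 62) can be checked on a raw disk image. The following is an added example, not code from Symantec or from this post; the function names and the sample image are constructed, and because boot managers and other tools also use the gap before the first partition, a finding is a reason to inspect the disk, not a verdict.

```python
import struct

SECTOR = 512
TABLE = slice(446, 510)      # four 16-byte partition entries
SIGNATURE = slice(510, 512)  # 0x55 0xAA boot signature

def sector(img, n):
    return img[n * SECTOR:(n + 1) * SECTOR]

def first_partition_lba(mbr):
    """Lowest starting LBA among non-empty partition entries (None if none)."""
    starts = []
    for off in range(446, 510, 16):
        ptype = mbr[off + 4]
        lba = struct.unpack_from("<I", mbr, off + 8)[0]
        if ptype != 0:
            starts.append(lba)
    return min(starts) if starts else None

def check_gap_sectors(img):
    """Heuristic findings for sectors 60-62 of an MBR-partitioned disk image."""
    mbr = sector(img, 0)
    if len(img) < 63 * SECTOR or mbr[SIGNATURE] != b"\x55\xaa":
        raise ValueError("not an MBR disk image, or shorter than 63 sectors")
    start = first_partition_lba(mbr)
    if start is None or start <= 62:
        return ["sectors 60-62 are not in the pre-partition gap; check not applicable"]
    findings = [f"sector {n} is not empty" for n in (60, 61) if any(sector(img, n))]
    s62 = sector(img, 62)
    if s62[SIGNATURE] == b"\x55\xaa" and s62[TABLE] == mbr[TABLE]:
        findings.append("sector 62 is an MBR-format sector with the same partition table")
        if s62[:446] != mbr[:446]:
            findings.append("boot code in sector 0 differs from the copy in sector 62")
    return findings

def constructed_image(relocated):
    """Constructed 64-sector sample: one active partition starting at LBA 63."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1)
    mbr = b"\xaa" * 446 + entry + bytes(48) + b"\x55\xaa"
    img = bytearray(64 * SECTOR)
    img[0:SECTOR] = mbr
    if relocated:  # mimic only the on-disk layout described in the quote
        img[62 * SECTOR:63 * SECTOR] = mbr
        img[0:446] = b"\xbb" * 446
        img[60 * SECTOR:62 * SECTOR] = b"\xcc" * (2 * SECTOR)
    return bytes(img)

if __name__ == "__main__":
    for relocated in (False, True):
        print(relocated, check_gap_sectors(constructed_image(relocated)))
```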
About: it, Linux, microsoft, security, virus, windows
Written by admin in IT&C Related, Linux, m$