New Virus

This is a new kind of virus that attaches itself to the master boot record of your OS; it then steals your online banking info.
The link gives you more info and a program to check for and remove it, if you're infected:
https://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Have a good one
paul



5 responses to “New Virus”

  1. Strangely

    Thanks Paul

    I used to use that from when it was called VET. It was Australian and got bought out by Computer Associates (CA), who also bought Zone Alarm I think and then merged it into one. If you check in the depths of the program, there’s still a lot of VET code. However, I stopped using it when it missed something and they put the price up. I used to use Zone Alarm when it was standalone but I just stick with the Windows firewall now as the router has a very effective one.

    Rees

  2. paul

    I use Zone Alarm when I'm on the internet and they seem pretty good, although I don't monitor their CPU hit. I have a copy if you need it. Totally updateable
    paul

  3. Strangely

    No probs Paul.

    For what it’s worth, I checked my AV, which is NOD32, to see if they’d updated themselves. This link
    https://www.eset.com/error/ shows that Mebroot was added at update 2793. As I write, the current update is 2800, which is 7 updates further down the line. So phew!
    I’m pleased that NOD32 is on the ball – and it’s all automatic as well. I’ve actually standardised the 3 PCs on NOD32 now as I’m really happy with it. However, a licence runs out next month so I’ll probably give another vendor a shot as a test. Trouble is, every time I’ve done it, they are either slow or miss something or are hard to use or hit the system so I always go back to NOD32!

    Rees

  4. paul

    Cool, thanks man, I will try it when I get home
    paul

  5. Strangely

    Thanks mate

    I’ve already been telling people about this one. Here’s something that (might) stop it. What you do is:
    Boot from the Windows CD into the recovery console
    When you get the C: prompt type FIXMBR
    If nothing happens then your MBR is normal.
    If you’ve a special MBR or you’ve got the virus then you’ll get a “are you sure you want to continue” kind of message
    If so, hit Y
    Reboot but into the BIOS. At this point the simple FIXMBR command has got rid of the virus from the MBR.
    When in the BIOS see if there’s an anti-virus or lock MBR setting. Enable it to stop the virus getting embedded into the MBR.
    All my last mainboards had one except for my current ones! DOH!
    Now reboot into safe mode
    Do a full scan – hopefully your AV is up-to-date
    If not, boot normally and use an online scanner – if you’ve locked the MBR in the BIOS, this will be okay as even if the virus is active, it can’t get into the MBR. A good AV prog will fix it. Make sure the firewall is working properly. The virus tries to mail itself out. Best to stop it!

    Try this BBC link http://news.bbc.co.uk/1/hi/technology/7183008.stm
    At the side you’ll see some links to GMER. These are the Poles who spotted the thing and have some tools to get rid of it (mentioned in this BBC article). I tried it and it works but I wasn’t hit. Their description of the thing is very technical. I suppose they know what they’re talking about because I certainly don’t 😉
    Don’t panic!
    Rees
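
An added example, not part of Rees's comment or the original post: a Python check that answers the "is my MBR normal" question from the steps above by comparing the boot code of a 512-byte MBR against a known-good hash. It assumes the sector was already read from an offline disk image or boot media and that a baseline hash was recorded earlier; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": partitions}

def boot_code_changed(sector, baseline_sha256):
    """True when the boot code no longer matches the recorded known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def make_sample(boot_code):
    """Constructed test sector: given boot code plus one active type-0x07 entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    head = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x12\x34\x56\x78" + b"\x00\x00"
    return head + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    clean = make_sample(b"\xfa\x33\xc0\x8e\xd0")    # constructed bytes, not real boot code
    altered = make_sample(b"\xeb\x3c\x90\x00\x00")  # constructed bytes, differs from baseline
    baseline = parse_mbr(clean)["boot_code_sha256"]
    for name, sec in (("clean", clean), ("altered", altered)):
        print(name, "changed" if boot_code_changed(sec, baseline) else "matches baseline")
```

The partition table and disk signature are parsed separately from the boot code, so a changed hash with an unchanged partition table points at the boot code alone.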


Copyright ©1976

All Rights Reserved by Strangely Perfect