Mebroot
dave.m:
Serious reading from the BBC:
http://news.bbc.co.uk/1/hi/technology/7183008.stm
dave
kitz:
Interesting that that article states
"Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running."
Yet most of the security software companies I just looked at say their product detects it.
McAfee states "the risk assessment of this threat has been updated to Low-Profiled due to media attention".
It's interesting to note that Elia Florio from Symantec, whose name they quoted, has this article on the Symantec site.
--- Quote ---
Trojan.Mebroot
Risk Level 1: Very Low
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Moderate
Removal: Easy
During our tests, running the "fixmbr" command from within the Windows Recovery Console successfully removed the malicious MBR entry.
--- End quote ---
Dunno if I'm being blasé, since MBR viruses aren't anything new, and maybe I place too much trust in the simple stuff like ensuring your o/s patches and AV definitions are kept up to date.
oldfogy:
--- Quote ---
Mebroot cannot be removed while a computer is running."
--- End quote ---
--- Quote ---
During our tests, running the "fixmbr" command from within the Windows Recovery Console successfully removed the malicious MBR entry.
--- End quote ---
?
Have I misread something here?
mr_chris:
No you haven't - they mean it can't be removed whilst a computer is running in its normal operation, i.e. while Windows is running. You boot into the recovery console with the XP CD and it loads a special version of a Windows command prompt from the CD, which enables you to do stuff to the PC that Windows wouldn't normally let you do.
Hope that helps :)
oldfogy:
Thanks Chris,
I thought for a moment that people were contradicting each other. (from the sources that is)