Mebroot

dave.m:
Serious reading from the BBC:
http://news.bbc.co.uk/1/hi/technology/7183008.stm
dave

kitz:
Interesting that that article states

"Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running."

Yet most of the security software companies I just looked at say their product detects it.
McAfee states "the risk assessment of this threat has been updated to Low-Profiled due to media attention".

It's interesting to note that Elia Florio from Symantec, whose name they quoted, has this article on the Symantec site.


--- Quote ---
Trojan.Mebroot
Risk Level 1: Very Low
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Moderate
Removal: Easy


During our tests, running the "fixmbr" command from within the Windows Recovery Console successfully removed the malicious MBR entry.


--- End quote ---

Dunno if I'm being blasé since MBR viruses aren't anything new and maybe I place too much trust in the simple stuff like ensuring your o/s patches and AV definitions are kept up to date.

oldfogy:

--- Quote ---
"Mebroot cannot be removed while a computer is running."


--- End quote ---

--- Quote ---
During our tests, running the "fixmbr" command from within the Windows Recovery Console successfully removed the malicious MBR entry.


--- End quote ---
?

Have I misread something here?

mr_chris:
No you haven't - they mean it can't be removed whilst a computer is running in its normal operation, i.e. while Windows is running. You boot into recovery console with the XP CD and it loads a special version of a Windows command prompt from the CD, which enables you to do stuff to the PC that Windows wouldn't normally let you do.

Hope that helps :)

oldfogy:
Thanks Chris,
I thought for a moment that people were contradicting each other. (from the sources that is)
