login123 Posted September 26, 2011
Years ago there was a trojan that infected the BIOS; apparently it's back.
http://www.symantec.com/connect/blogs/bios-threat-showing-again
http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan
The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.
Moderators DennisD Posted September 26, 2011
Sounds like it has the ability to stop you booting from a rescue CD if it chose to do so, apart from anything else it could do. Very naughty.
Tr3bg0D Posted September 26, 2011
I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender.
login123 Posted September 26, 2011
"I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender."
... or Powershadow, which I use devoutly. I wondered about that also. Don't see how it could survive, all changes are discarded, but ???
Tom AZ Posted September 26, 2011
I assume that most major AV providers have added this definition, but how do you know for sure?
login123 Posted September 26, 2011
"I assume that most major AV providers have added this definition, but how do you know for sure?"
That's a very good question. I ran ESET's online scanner, came up OK. Have checked at the Avast! forums a couple of times, but can't find that they say definitely that they have a fix for it. What I have been doing is watching my outgoing connections using TCPView from Sysinternals, and so far all the connections seem normal.
Tr3bg0D Posted September 26, 2011
Well ESET appears to be behind
login123 Posted September 26, 2011
Not sure if their online scanner finds it. But they have a removal tool for it (if you remove the hyphens it downloads automatically).
h-t-t-p://w-w-w.eset.eu/download/emebremover
Tom AZ Posted September 26, 2011
Avast is what I'm personally interested in, but I would think that Avira, AVG, McAfee, MSE, etc. would all be on top of this, too. But who really knows?
Corona Posted September 26, 2011
How can they not know about it if we do?
Moderators Andavari Posted September 27, 2011
I just don't understand the thinking behind wanting to infect systems just to mess them up, although I suppose the commercial AV publishers love it because it keeps them in business. It does sound very nasty if it can thwart a rescue CD.
Moderators Andavari Posted September 27, 2011
"Supposedly in Windows 8 this type of infection will be a thing of the past," see this Softpedia article about the updated security:
http://news.softpedi...ms-223377.shtml
login123 Posted September 27, 2011
"... It does sound very nasty if it can thwart a rescue CD."
I read and re-read quite a bit about it, paranoid as I am. Don't understand it completely. Seems like this one just makes a rescue CD ineffective, since it gets into the boot sector and hides its workings after that. Apparently it isn't "installed" until after the first couple of files get onto your computer and you restart. Then when you restart they mess up the BIOS and/or MBR. So if you fix it with a rescue CD and don't also replace the boot sector, the MBR, and reflash with the right BIOS, you're right back where you started. Apparently Avast! can find it and Symantec, ESET, and GMER can fix it, but I'm not sure. I would be happy to be corrected on this. There was not much definite info available when I went looking, I spent most of a day reading about it.
redhawk Posted September 27, 2011
I thought the "don't write" to CMOS jumper was supposed to stop this kind of nonsense overwriting your system BIOS??
Richard S.
Moderators Andavari Posted September 27, 2011
It possibly also needs a bug fix, who knows though, and hopefully the AV software everyone uses can stop it; otherwise it would be an involved fix.
login123 Posted September 28, 2011
Seems like they're saying that it only targets Award BIOSes. I wondered if that might be just a preliminary run. Where is my tin foil hat when I need it?
Moderators Andavari Posted September 28, 2011
"Where is my tin foil hat when I need it?"
Here's your hat.
Moderators hazelnut Posted September 28, 2011
For full protection wear the AFDB
BEWARE OF COMMERCIAL AFDBS: Since you should trust no one, always construct your AFDB yourself to avoid the risk of subversion and mental enslavement. Sometimes, AFDBs will be sold on places like eBay. Do not purchase these pre-made AFDBs, even if the seller seems trustworthy. They may contain backdoors, pinholes, integrated psychotronic circuitry or other methods that actually promote mind control.
http://zapatopi.net/afdb/
Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com
Moderators DennisD Posted September 28, 2011
When I'm out and about and notice anyone looking my way I always think .. "I can read yours as well, so watch out". Just in case.