Jump to content

Mebromi trojan

login123

By login123
in Windows Security

 Share

Recommended Posts

login123

login123

Posted
Posted

Years ago there was a trojan that infected the BIOS, apparently it's back.

 

http://www.symantec.com/connect/blogs/bios-threat-showing-again

 

http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
Tr3bg0D

Tr3bg0D

Posted
Posted

I think Windows7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if upon reboot, the infected files are not there...ie, on Systems which have their OS Volume frozen with apps running DeepFreeze or Shadow Defender

25qd6wl.jpg
Link to comment
Share on other sites
login123

login123

Posted
  • Author
Posted

I think Windows7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if upon reboot, the infected files are not there...ie, on Systems which have their OS Volume frozen with apps running DeepFreeze or Shadow Defender

 

... or Powershadow, which I use devoutly. I wondered about that also. Don't see how it could survive, all changes are discarded, but ???

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
login123

login123

Posted
  • Author
Posted

I assume that most major AV providers have added this definition, but how do you know for sure?

 

Thats a very good question.

I ran ESET's online scanner, came up OK.

Have checked at the Avast! forums a couple of times, but can't find that they say definitely that they have a fix it.

 

What I have been doing is watching my outgoing connections using TCPView from Sysinternals, and so far all the connections seem normal.

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
login123

login123

Posted
  • Author
Posted

Not sure if their online scanner finds it. :o But they have a removal tool for it. (if you remove the hyphens it downloads automatically).

 

h-t-t-p://w-w-w.eset.eu/download/emebremover

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
  • Moderators
Andavari

Andavari

Posted
  • Moderators
Posted

I just don't understand the thinking behind wanting to infect systems just to mess them up, although I suppose the commercial av publishers love it because it keeps them in business.

 

It does sound very nasty if it can thwart a rescue CD.

Link to comment
Share on other sites
login123

login123

Posted
  • Author
Posted

...

It does sound very nasty if it can thwart a rescue CD.

 

I read and re-read quite a bit about it, paranoid as I am. :P Don't understand it completely.

 

Seems like this one just makes a rescue CD ineffective, since it gets into the boot sector and hides its workings after that. Apparently it isn't "installed" until after the first couple of files get onto your computer and you restart. Then when you restart they mess up the BIOS and/or MBR.

 

So if you fix it with a rescue CD and don't also replace the boot sector, the MBR, and reflash with the right BIOS, you're right back where you started.

 

Apparently Avast! can find it and Symantec, ESET, and GMER can fix it, but I'm not sure.

 

I would be happy to be corrected on this. There was not much definite info available when I went looking, I spent most of a day reading about it.

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
login123

login123

Posted
  • Author
Posted

Seems like they're saying that it only targets Award BIOSs. I wondered if that might be just a preliminary run. Where is my tin foil hat when I need it?

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites
  • Moderators
hazelnut

hazelnut

Posted
  • Moderators
Posted

For full protection wear the AFDB

 

BEWARE OF COMMERCIAL AFDBS: Since you should trust no one, always construct your AFDB yourself to avoid the risk of subversion and mental enslavement. Sometimes, AFDBs will be sold on places like eBay. Do not purchase these pre-made AFDBs, even if the seller seems trustworthy. They may contain backdoors, pinholes, integrated psychotronic circuitry or other methods that actually promote mind control.

 

http://zapatopi.net/afdb/

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept