CCleaner Community Forums

Mebromi trojan


I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender


I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender

 

... or Powershadow, which I use devoutly. I wondered about that also. Don't see how it could survive, all changes are discarded, but ???


I assume that most major AV providers have added this definition, but how do you know for sure?

 

That's a very good question.

I ran ESET's online scanner, came up OK.

Have checked at the Avast! forums a couple of times, but can't find that they say definitely that they have a fix for it.

 

What I have been doing is watching my outgoing connections using TCPView from Sysinternals, and so far all the connections seem normal.


Not sure if their online scanner finds it. :o But they have a removal tool for it. (if you remove the hyphens it downloads automatically).

 

h-t-t-p://w-w-w.eset.eu/download/emebremover


Avast is what I'm personally interested in, but I would think that Avira, AVG, McAfee, MSE, etc. would all be on top of this, too. But who really knows?


I just don't understand the thinking behind wanting to infect systems just to mess them up, although I suppose the commercial av publishers love it because it keeps them in business.

 

It does sound very nasty if it can thwart a rescue CD.


...

It does sound very nasty if it can thwart a rescue CD.

 

I read and re-read quite a bit about it, paranoid as I am. :P Don't understand it completely.

 

Seems like this one just makes a rescue CD ineffective, since it gets into the boot sector and hides its workings after that. Apparently it isn't "installed" until after the first couple of files get onto your computer and you restart. Then when you restart they mess up the BIOS and/or MBR.

 

So if you fix it with a rescue CD and don't also replace the boot sector, the MBR, and reflash with the right BIOS, you're right back where you started.

 

Apparently Avast! can find it and Symantec, ESET, and GMER can fix it, but I'm not sure.

 

I would be happy to be corrected on this. There was not much definite info available when I went looking, I spent most of a day reading about it.


I thought the "don't write" to CMOS jumper was supposed to stop this kind of nonsense overwriting your system BIOS??

 

Richard S.


It possibly also needs a bug fix, who knows though, and hopefully the av software everyone uses can stop it otherwise it would be an involved fix.


Seems like they're saying that it only targets Award BIOSs. I wondered if that might be just a preliminary run. Where is my tin foil hat when I need it?


For full protection wear the AFDB

 

BEWARE OF COMMERCIAL AFDBS: Since you should trust no one, always construct your AFDB yourself to avoid the risk of subversion and mental enslavement. Sometimes, AFDBs will be sold on places like eBay. Do not purchase these pre-made AFDBs, even if the seller seems trustworthy. They may contain backdoors, pinholes, integrated psychotronic circuitry or other methods that actually promote mind control.

 

http://zapatopi.net/afdb/
