
MBR Rootkit


Here is a copy of the MBR rootkit that has been getting press lately.

MD5: 88ffe413ce04294cc0ed8c4d163f1c31

Now most AV detect

Almost all AV products detect this now.

They are detecting the

They are detecting the installer, that's OK. But who detects it when it is already rooted in the MBR?

As far as I know, the latest gmer beta detects and removes it. What else? I don't know!

Kaspersky, Dr.Web and NOD32

Kaspersky, Dr.Web and NOD32 detected the virus.
Janet Kellman, software reviews editor

They detected the installer

Did they detect the installer, or the rootkit in the MBR (via the real-time on-access scanner) after installation? And what about removal?

Kaspersky 2009 detected and removed it!!!

Kaspersky 2009 is able to detect and remove an active Sinowal or MBR rootkit.

See:
http://img292.imageshack.us/img292/7799/50176282kt5.png

hey mythx

Thanks for continuously posting cool stuff to OC. You are one of the more prolific contributors and it's much appreciated.

V.

Fresh off the grill

Fresh off the grill :)

http://www.offensivecomputing.net/?q=ocsearch&ocq=8d9412033c95513db7ee138428f54095

Upload file (Loader)
http://www.virustotal.com/analisis/5fd4425a5244443af645f7ef95a7798c

Sector 00
http://www.virustotal.com/analisis/b19b52bc3fc19c53a07a1dec3a0507fa

I've Norton 360 framework

I've Norton 360 framework.
It can detect it,
but there is no chance it is going to fight and remove it.
If I can remove it, I will surely post the result.

Thanks from the PE.

MBR "fixes"

Just FYI guys, I have a feeling if you install one of those boot-manager programs, it will probably overwrite whatever this virus has written to the MBR.

For instance, if you install Linux, it will install "GRUB" or "LILO." These programs overwrite the MBR and give you an OS menu.

Furthermore, programs like Norton Ghost and Acronis TrueImage all write custom MBRs.

Finally UBCD (Ultimate Boot CD) has a program that allows you to edit your MBR.

Go into your BIOS and make it boot to a CD / floppy, it will never read the MBR.

Just a few things off the top of my head that should "fix" the MBR.
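
A way to check the result of such an MBR rewrite, as an added example that is not part of the original comment: parse a 512-byte dump of sector 0 and compare its boot code and partition table against a known-good baseline dump. The sample sectors are constructed for illustration, the function names are hypothetical, and the dump is assumed to have been taken while booted from external media.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440        # boot code; bytes 440-445 hold the disk signature
TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, count

def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector-0 dump into code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFF + i * ENTRY.size)
        if ptype:  # type 0 marks an unused slot
            partitions.append((i, status == 0x80, ptype, lba, count))
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }

def compare_to_baseline(sector: bytes, baseline: bytes) -> list:
    """Return findings where the dump differs from the known-good baseline."""
    cur, ref = parse_mbr(sector), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["code_sha256"] != ref["code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def make_sample(code_byte: int) -> bytes:
    """Constructed 512-byte sector: filler code, one active NTFS-type entry."""
    entry = ENTRY.pack(0x80, 0x07, 63, 204800)
    return bytes([code_byte]) * CODE_LEN + b"\x00" * 6 + entry + b"\x00" * 48 + BOOT_SIG

BASELINE = make_sample(0x90)   # constructed known-good dump
MODIFIED = make_sample(0xCC)   # constructed dump with different boot code

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, BASELINE))
    print(compare_to_baseline(MODIFIED, BASELINE))
```

Only the first 440 bytes are hashed so that a per-disk signature in bytes 440-445 does not cause a false mismatch between machines sharing the same boot code.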

Norton blocked it.

Found a Trojan.Meboot. Someone in the Norton forums reported it a couple of weeks ago too.

http://i338.photobucket.com/albums/n410/stone_cold_05/Norton.jpg

Norton AntiVirus Gaming Edition 2009.