Author Topic: Bootkit Remover  (Read 2438 times)


October 02, 2009, 09:19:12 pm

SysAdMini

http://blog.alisa.sh/2009/10/02/cleaning-mebroot-and-more/

Quote
After a couple of months of happy users running the TDSS remover, the Stoned Bootkit release reminded us of yet another popular and ever badly managed threat: MBR-infecting trojans, among which Sinowal (Mebroot) is the most known. So we decided to find out whether antivirus tools are ready to cope with new threats of the same kind.

We carried out some simple tests. The results were surprising. It looks like many antivirus tools detect MBR trojans by signature, which means that a well-known trojan (say, a Mebroot specimen) can be easily made undetected by means of a trivial code modification. Check the next VB for a detailed write-up including test details.

Detecting Mebroots by signature is stupid, since it is easy to detect and cure ANY MBR modification generically. So we made a simple tool capable of detecting and cleaning all kinds of MBR-infecting trojans, including Mebroots: Bootkit remover.
Ruining the bad guy's day
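As an added illustration of the generic approach the quoted blog argues for (checking whether the MBR has been modified at all, rather than matching a particular family's signature), here is a small Python script that is not part of the post, the blog or the Bootkit remover tool itself. It assumes the defender holds a trusted copy (or SHA-256 hash) of the legitimate boot code from a known-clean install, works purely on 512-byte buffers rather than a real disk, and uses constructed sample bytes in place of both the legitimate loader and the modified one.

```python
import hashlib
import struct

# MBR layout (classic, non-GPT disk)
MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code (this is what bootkits overwrite)
DISK_SIG_OFF = 440        # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446      # 4 x 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA marker


def build_mbr(boot_code, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR from its parts (used here to construct test data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(partitions).ljust(64, b"\x00")[:64]
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Split an MBR into boot code, disk signature and decoded partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        parts.append({"status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": mbr[:BOOT_CODE_LEN],
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "partitions": parts,
        "valid_signature": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
    }


def check_mbr(mbr, trusted_code_sha256):
    """Generic integrity checks: no per-family signatures, just 'is this the code we trust?'."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(info["boot_code"]).hexdigest() != trusted_code_sha256:
        findings.append("boot code differs from trusted baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("%d active partitions (at most 1 expected)" % len(active))
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (i, p["status"]))
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append("entry %d: empty type but non-zero extent" % i)
    return findings


def restore_boot_code(mbr, trusted_code):
    """Cure step: put the trusted boot code back, keeping disk signature and partition table."""
    code = trusted_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + mbr[BOOT_CODE_LEN:]


# --- constructed sample data (stand-ins, not real loader code or real malware) ---
TRUSTED_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"
TRUSTED_SHA256 = hashlib.sha256(TRUSTED_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()
PART0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
CLEAN = build_mbr(TRUSTED_CODE, [PART0])

# A modified copy: the first bytes of the boot code replaced (constructed, arbitrary bytes)
_m = bytearray(CLEAN)
_m[0:8] = b"\xeb\x3e\x90\x00\x00\x00\x00\x00"
MODIFIED = bytes(_m)


def demo():
    """Run the checks on the clean and modified samples and restore the latter."""
    before = check_mbr(MODIFIED, TRUSTED_SHA256)
    repaired = restore_boot_code(MODIFIED, TRUSTED_CODE)
    after = check_mbr(repaired, TRUSTED_SHA256)
    return {"clean": check_mbr(CLEAN, TRUSTED_SHA256), "modified": before, "repaired": after}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

The point of the design is that the baseline hash is the only thing the checker needs to know; a trojan that alters the boot code by a single byte still fails the comparison, whereas a signature scanner needs a new pattern for every variant. On a real system the trusted baseline must come from a clean source (installation media or a known-good image), never from the disk under examination.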