Mebroot

Discussion in 'other anti-virus software' started by rollers, Jan 13, 2008.

Thread Status:
Not open for further replies.
  1. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Now that the Mebroot rootkit has been around for a few days (named by Symantec), does anyone have any idea which other AVs recognise it? I guess the problem is that so many of them give the virus different names. AVG did not recognise it under Mebroot when I tried it, so does it use a different name for it?
    If anyone has any ideas I would greatly appreciate it.

    Thanks in advance, Rollers
     
  2. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Most AVs recognize it, AVG should see it as: PSW.Sinowal.C
     
  3. RT

    RT Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    8
    Anyone know the Avast! name for it, please?
     
  4. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    McAfee identifies it as StealthMBR and StealthMBR!rootkit.
     
  5. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Last time I checked, avast did not have a signature for it.
     
  6. TaInTeD_SnIpEr

    TaInTeD_SnIpEr Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    33
    Does anyone know what Kaspersky and ESET label this rootkit as?
     
  7. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Kaspersky: backdoor.win32.sinowal.a or Trojan.Win32.Agent.dsj (version 7/8 called it the first, the VirusTotal scanner the second name)
    ESET: Win32/Agent.DSJ
     
  8. TaInTeD_SnIpEr

    TaInTeD_SnIpEr Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    33
    Alright, thank you.
     
  9. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
    And TrendMicro detects it as TROJ_SINOWAL.AD
     
  10. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Thanks for your answers.

    Rollers
     
  11. patrikr

    patrikr AV Expert

    Joined:
    Aug 9, 2005
    Posts:
    97
    Location:
    California, USA
    And F-Secure detects it as Trojan:W32/Mebroot.A

    Patrik
     
  12. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    How about Avira AntiVir PE Premium?
     
  13. ren

    ren Registered Member

    Joined:
    Nov 1, 2006
    Posts:
    45
    Hello,

    # TR/PSW.Sinowal.GD
    # TR/PWS.Sinowal.Gen

    -ren
     
  14. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Thank you :)
     
  15. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Anyone know what F-Prot detects it as?
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Does anyone know if HIPS or any other anti-keylogger can protect against the keylogging mechanism of StealthMBR?

    Is anyone able to post a screen of the client/control console of this beast?
     
  17. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    It would be a lot more helpful if they decided on one name, instead of individual stupid random words.
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!