Dr.Web Anti-virus is the first one to counteract BackDoor.MaosBoot rootkit

Discussion in 'malware problems & news' started by Malcontent, Jan 29, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Dr.Web only posted it yesterday on their news page, lodore.

    I think they would have checked to see if Kaspersky (or the other Russians, as I like to call them :) ) would counteract the threat before making the statement "the updated Dr.Web Shield makes Dr.Web anti-virus the first one capable of counteracting the malware."
     
  2. lodore

    lodore Registered Member

    I would have thought so as well.
    But you never know.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Totally true.

    You can force GMER to a false alarm when you suspend gmer.sys in the system.

    No, I don't think so; there are persistent versions out there, fixmbr will fail.
     
  4. aigle

    aigle Registered Member

    Any proof?
     
  5. C.S.J

    C.S.J Massive Poster

    I was told that if it can't be removed, only a format of the HD will fix it.

    True?... I don't know.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    http://i25.tinypic.com/c1184.png
    Screenshot from 2006/2 (already 2 years ago), in German. Fixmbr impossible: after Windows says fixmbr was successfully written, you restart fixmbr just to test if everything is okay, and again you get the message that the MBR seems to be invalid or non-standard.

    There must be some kind of MBR lock-up.
     
  7. aigle

    aigle Registered Member

    Interesting, and scary too if it's true!
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Unfortunately I can't trace back the system from 2006 (no backups from 2006) with the latest GMER, but if this special thing was already active at that time you can imagine the disaster in the whole world.
     
  9. C.S.J

    C.S.J Massive Poster

    Sure, enter Dr.Web :D

    Some smart people out there, both creating and fixing the viruses. :)

    I wonder what's next; it's obvious they are getting more complicated.

    ... and dangerous
     
  10. fcukdat

    fcukdat Registered Member

    I'm still waiting for the very talented SJ to boot in from a live CD and find his mystery gremlins. Of course they could always be F/Ps as a result of the many tools, both good and somewhat questionable, that he is perpetually testing, but since nothing is ever recovered from the funky machine then surely it is the *ultimate* malware at play. I just don't buy it myself ;)
     
  11. Stijnson

    Stijnson Registered Member

    Hi C.S.J.,
    has this been confirmed by the programmers? Or is there another way to get confirmation about this?
    I'm not too worried about being infected with this rootkit at the moment, but it is always good to know what to do and where to go in case it might happen.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    [Short off-topic switch because of fcuk's intervention:
    I still need some time for full discovery.
    I found out that the problem's roots lie, on the one hand, in a polymorphic file infector of a very old kind.

    Concerning live CDs: they can easily be defeated by the ddefy method (for example, atapi.sys mutation).
    (For those who don't understand: while the CD loads, the rootkit fakes reality (anti-forensics); besides, it doesn't matter if you use a Linux or Windows live CD.)]
     
    Last edited: Jan 30, 2008
  13. C.S.J

    C.S.J Massive Poster

    If you're in doubt, buy a Dr.Web licence ;)
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Dr.Web was in many cases a pioneer for extraordinary virus infections (e.g. SQL Slammer), but I doubt that it has a chance against the latest unknown threats ;-) [I especially mean if your system is already shifted (from hardware).]
     
  15. Stijnson

    Stijnson Registered Member

    Were you replying to me or SystemJunkie? :)
     
  16. Stijnson

    Stijnson Registered Member

    Re: Dr.Web - stealth rootkit

    So this particular virus infects all other present disks and then reboots your system every 60 minutes?

    Nice (NOT!)...:rolleyes:
     
  17. trjam

    trjam Registered Member

    All I can say is kudos to Dr Web. I agree it is one thing to find crap, yet another to clean it up. Hmmmmmm.;)
     
  18. C.S.J

    C.S.J Massive Poster

    One day you will see the light jeff,

    The green light ;)
     
  19. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Sarcastic, schizophrenic messages ;-) You guys love playing games.
     
  20. C.S.J

    C.S.J Massive Poster

    no harm having a little fun on here ;)
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    You got that right! :shifty:
     
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Lol, I agree, hehe. But the example with console scanners is a bit vague. I don't think console scanners protect as well; they don't have a guard at all.

    I remember the myth statements of EP; they were funny too.
    Dr.Web and EP are very close in several aspects.
     