Mebroot

Discussion in 'other anti-virus software' started by rollers, Jan 13, 2008.

Thread Status:
Not open for further replies.
  1. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Now that the Mebroot rootkit has been around for a few days (named by Symantec), does anyone have any idea which other AVs recognise it? I guess the problem is that so many of them give the virus different names. AVG did not recognise it under Mebroot when I tried it, so does it use a different name for it?
    If anyone has any ideas, I would greatly appreciate it.

    Thanks in advance, Rollers
     
  2. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Most AVs recognize it, AVG should see it as: PSW.Sinowal.C
     
  3. RT

    RT Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    8
    Anyone know the Avast! name for it, please?
     
  4. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    McAfee identifies it as StealthMBR and StealthMBR!rootkit.
     
  5. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Last time I checked, Avast did not have a signature for it.
     
  6. TaInTeD_SnIpEr

    TaInTeD_SnIpEr Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    33
    Does anyone know what Kaspersky and ESET label this rootkit as?
     
  7. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Kaspersky: backdoor.win32.sinowal.a or Trojan.Win32.Agent.dsj (version 7/8 called it the first, the VirusTotal scanner the second name)
    ESET: Win32/Agent.DSJ
     
  8. TaInTeD_SnIpEr

    TaInTeD_SnIpEr Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    33
    Alright, thank you.
     
  9. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
    And TrendMicro detects it as TROJ_SINOWAL.AD
     
  10. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Thanks for your answers.

    Rollers
     
  11. patrikr

    patrikr AV Expert

    Joined:
    Aug 9, 2005
    Posts:
    97
    Location:
    California, USA
    And F-Secure detects it as Trojan:W32/Mebroot.A

    Patrik
     
  12. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    How about Avira AntiVir PE Premium?
     
  13. ren

    ren Registered Member

    Joined:
    Nov 1, 2006
    Posts:
    45
    Hello,

    # TR/PSW.Sinowal.GD
    # TR/PWS.Sinowal.Gen

    -ren
     
  14. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Thank you :)
     
  15. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Anyone know what F-Prot detects it as?
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Does anyone know if HIPS or any other anti-keylogger can protect against the keylogging mechanism of StealthMBR?

    Is anyone able to post a screen of the client/control console of this beast?
     
  17. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    It would be a lot more helpful if they decided on one name, instead of individual stupid random words.
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!