VanBot, and maybe something worse?

Discussion in 'malware problems & news' started by Gullible Jones, Jul 21, 2010.

Thread Status:
Not open for further replies.
  1. My dad's Windows 2000 workstation started displaying some decidedly strange behavior today, so I did a series of scans, and eventually (with the help of Hitman Pro - thanks Surfright) discovered some variety of Win32.VanBot infection. Or rather, the traces of its installation in the temp file directory - HMP was apparently unable to find and remove the whole thing.

    Needless to say, I plan on reinstalling, and this time I'm going to work a bit harder on the security setup. :eek:

    However, one thing is gnawing at the back of my mind.

    Earlier, when the machine was displaying its infectedness - with DLL errors, missing files, that kind of thing - there was a sudden BSOD following a boot. The BSOD complained in big bold letters that the computer's ACPI BIOS was not compatible with Windows, and that ACPI should be disabled, or something to that effect. After rebooting, though, everything worked normally (except for further DLL issues).

    I don't know about you guys... But I've heard some fairly ugly stuff about the possibility of rootkits that can infect a machine's BIOS via the ACPI code. Has anything like that surfaced in the wild while I've been away? Is it a possibility I should be aware of, or purely theoretical at this point?

    I don't want to have to junk a perfectly good machine. On the other hand... If there's a possibility - even a relatively low one - that it's been compromised on a hardware level, I need to know.

    Thanks in advance.

  2. ace55 (Registered Member; joined Mar 29, 2010; 91 posts):
    Completely theoretical at this point. If you're truly worried about such an infection, the only way to set your mind at ease is to set up Wireshark and observe all network traffic to and from the machine in question.

  3. Thanks. And just like that, my sluggish brain comes up with the idea that the BSOD could be from something messing with the ACPI drivers. Duh.