Years ago there was a trojan that infected the BIOS, apparently it's back.
http://www.symantec.com/connect/blogs/bios-threat-showing-again
http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan
Sounds like it has the ability to stop you booting from a rescue CD if it chose to do so, apart from anything else it could do.
Very naughty.
I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there, i.e., on systems which have their OS volume frozen with apps like DeepFreeze or Shadow Defender.
... or Powershadow, which I use devoutly. I wondered about that also. Don't see how it could survive, all changes are discarded, but ???
I assume that most major AV providers have added this definition, but how do you know for sure?
That's a very good question.
I ran ESET's online scanner, came up OK.
Have checked at the Avast! forums a couple of times, but can't find that they say definitely that they have a fix for it.
What I have been doing is watching my outgoing connections using TCPView from Sysinternals, and so far all the connections seem normal.
Well, ESET appears to be behind.
Not sure if their online scanner finds it. But they have a removal tool for it. (if you remove the hyphens it downloads automatically).
h-t-t-p://w-w-w.eset.eu/download/emebremover
Avast is what I'm personally interested in, but I would think that Avira, AVG, McAfee, MSE, etc. would all be on top of this, too. But who really knows?
How can they not know about it if we do?
I just don't understand the thinking behind wanting to infect systems just to mess them up, although I suppose the commercial av publishers love it because it keeps them in business.
It does sound very nasty if it can thwart a rescue CD.
"Supposedly in Windows 8 this type of infection will be a thing of the past," see this Softpedia article about the updated security:
...
I read and re-read quite a bit about it, paranoid as I am. Don't understand it completely.
Seems like this one just makes a rescue CD ineffective, since it gets into the boot sector and hides its workings after that. Apparently it isn't "installed" until after the first couple of files get onto your computer and you restart. Then when you restart they mess up the BIOS and/or MBR.
So if you fix it with a rescue CD and don't also replace the boot sector, the MBR, and reflash with the right BIOS, you're right back where you started.
Apparently Avast! can find it and Symantec, ESET, and GMER can fix it, but I'm not sure.
I would be happy to be corrected on this. There was not much definite info available when I went looking, I spent most of a day reading about it.
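The point made above, that restoring the Windows files from a rescue CD leaves a patched boot sector in place, can be checked directly: keep a copy of the first 512 bytes of the boot disk from a known-clean state and diff the boot-code region (bytes 0..445) against what the disk holds now. The code below is an added example written for this thread, not code from the original posts or from any vendor's removal tool. The MBR sample it parses is constructed inline for the demo (a fake "xor ax,ax / mov ss,ax" prologue, NOP filler, one active NTFS partition); the 64-byte 0xCC patch that simulates a bootkit is likewise hypothetical. Nothing here reads a real disk or the BIOS flash, and it does not detect the BIOS-resident component the thread is about.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: parse a 512-byte MBR and diff its boot-code region against
 * a trusted baseline. The sample sector built below is CONSTRUCTED for the
 * demo; it is not a real disk image and not a Mebromi sample. */

#define MBR_SIZE          512
#define MBR_BOOTCODE_LEN  446   /* bytes 0..445: boot code (what a bootkit patches) */
#define MBR_PTABLE_OFF    446   /* 4 x 16-byte partition entries */
#define MBR_SIG_OFF       510   /* 0x55 0xAA */

typedef struct {
    uint8_t  bootable;     /* 0x80 = active */
    uint8_t  type;         /* partition type, e.g. 0x07 = NTFS */
    uint32_t lba_first;    /* first sector (little-endian on disk) */
    uint32_t sectors;      /* length in sectors */
} mbr_part_t;

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff;         p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Returns 0 and fills out[4] when the sector carries the 0x55AA signature,
 * -1 otherwise (no signature means the BIOS would not boot it at all). */
int mbr_parse(const uint8_t *sec, mbr_part_t out[4])
{
    if (sec[MBR_SIG_OFF] != 0x55 || sec[MBR_SIG_OFF + 1] != 0xAA)
        return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + MBR_PTABLE_OFF + 16 * i;
        out[i].bootable  = e[0];
        out[i].type      = e[4];
        out[i].lba_first = rd32le(e + 8);
        out[i].sectors   = rd32le(e + 12);
    }
    return 0;
}

/* Number of bytes in the boot-code region that differ from the baseline.
 * Partition-table changes can be legitimate (repartitioning); boot-code
 * changes on a machine whose bootloader was never reinstalled are not. */
int mbr_bootcode_diff(const uint8_t *baseline, const uint8_t *current)
{
    int n = 0;
    for (int i = 0; i < MBR_BOOTCODE_LEN; i++)
        if (baseline[i] != current[i]) n++;
    return n;
}

/* Constructed sample: a plausible-looking MBR with one active NTFS partition. */
void mbr_make_sample(uint8_t sec[MBR_SIZE])
{
    memset(sec, 0, MBR_SIZE);
    sec[0] = 0x33; sec[1] = 0xC0;                 /* xor ax,ax (typical prologue) */
    sec[2] = 0x8E; sec[3] = 0xD0;                 /* mov ss,ax */
    for (int i = 4; i < MBR_BOOTCODE_LEN; i++)    /* filler NOPs */
        sec[i] = 0x90;
    uint8_t *e = sec + MBR_PTABLE_OFF;
    e[0] = 0x80;                                  /* active */
    e[4] = 0x07;                                  /* NTFS */
    wr32le(e + 8, 2048);                          /* starts at sector 2048 */
    wr32le(e + 12, 1048576);                      /* 512 MiB */
    sec[MBR_SIG_OFF] = 0x55; sec[MBR_SIG_OFF + 1] = 0xAA;
}

/* The thread's scenario: OS files restored, boot code still overwritten.
 * Here 64 bytes of the boot-code region are patched with 0xCC (hypothetical
 * bootkit patch). Returns how many changed bytes the check reports. */
int mbr_demo_patched_bootcode(void)
{
    uint8_t baseline[MBR_SIZE], current[MBR_SIZE];
    mbr_make_sample(baseline);
    memcpy(current, baseline, MBR_SIZE);
    memset(current + 0x10, 0xCC, 64);
    return mbr_bootcode_diff(baseline, current);
}

int main(void)
{
    uint8_t sec[MBR_SIZE];
    mbr_part_t parts[4];
    mbr_make_sample(sec);
    if (mbr_parse(sec, parts) == 0)
        printf("part0: type=0x%02x lba=%u sectors=%u\n",
               parts[0].type, parts[0].lba_first, parts[0].sectors);
    printf("patched boot-code bytes: %d\n", mbr_demo_patched_bootcode());
    return 0;
}
```

On a real machine the baseline and current sectors would come from the first 512 bytes of the boot disk (e.g. read from the raw device while booted from clean media), and the comparison should be done from that clean boot rather than from the possibly infected OS, since a rootkit living below the OS can hand back a clean-looking sector. A zero diff on the boot code says nothing about the BIOS flash itself; that needs the vendor's flash tool or a checksum of a dumped image against a known-good one.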
I thought the "don't write" to CMOS jumper was supposed to stop this kind of nonsense overwriting your system BIOS??
Richard S.
It possibly also needs a bug fix; who knows, though. Hopefully the AV software everyone uses can stop it, otherwise it would be an involved fix.
Seems like they're saying that it only targets Award BIOSes. I wondered if that might be just a preliminary run. Where is my tin foil hat when I need it?
For full protection wear the AFDB
BEWARE OF COMMERCIAL AFDBS: Since you should trust no one, always construct your AFDB yourself to avoid the risk of subversion and mental enslavement. Sometimes, AFDBs will be sold on places like eBay. Do not purchase these pre-made AFDBs, even if the seller seems trustworthy. They may contain backdoors, pinholes, integrated psychotronic circuitry or other methods that actually promote mind control.
When I'm out and about and notice anyone looking my way I always think .. "I can read yours as well, so watch out".
Just in case.