CCleaner Community Forums

Mebromi trojan


The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.


I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender.


I think Windows 7 with UAC can stop it from being copied to the Windows folder. But I am unclear as to what would happen if, upon reboot, the infected files are not there... i.e., on systems which have their OS volume frozen with apps running DeepFreeze or Shadow Defender.

 

... or Powershadow, which I use devoutly. I wondered about that also. Don't see how it could survive, all changes are discarded, but ???


I assume that most major AV providers have added this definition, but how do you know for sure?

 

That's a very good question.

I ran ESET's online scanner, came up OK.

Have checked at the Avast! forums a couple of times, but can't find that they say definitely that they have a fix for it.

 

What I have been doing is watching my outgoing connections using TCPView from Sysinternals, and so far all the connections seem normal.


Not sure if their online scanner finds it. :o But they have a removal tool for it. (if you remove the hyphens it downloads automatically).

 

h-t-t-p://w-w-w.eset.eu/download/emebremover

  • Moderators

I just don't understand the thinking behind wanting to infect systems just to mess them up, although I suppose the commercial av publishers love it because it keeps them in business.

 

It does sound very nasty if it can thwart a rescue CD.


...

It does sound very nasty if it can thwart a rescue CD.

 

I read and re-read quite a bit about it, paranoid as I am. :P Don't understand it completely.

 

Seems like this one just makes a rescue CD ineffective, since it gets into the boot sector and hides its workings after that. Apparently it isn't "installed" until after the first couple of files get onto your computer and you restart. Then when you restart they mess up the BIOS and/or MBR.

 

So if you fix it with a rescue CD and don't also replace the boot sector, the MBR, and reflash with the right BIOS, you're right back where you started.

 

Apparently Avast! can find it and Symantec, ESET, and GMER can fix it, but I'm not sure.

 

I would be happy to be corrected on this. There was not much definite info available when I went looking; I spent most of a day reading about it.

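An offline MBR baseline check for the reinfection scenario discussed in the post above, added here as an example and not written by anyone in the thread. It assumes the 512-byte dump of sector 0 was read from a trusted boot medium rather than the running system, covers the MBR only (not the BIOS), and uses constructed sample sectors; all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445 hold the boot code
PART_ENTRY_SIZE = 16          # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot code only, so repartitioning does not change it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()

def parse_partitions(sector: bytes) -> list:
    """Return (index, bootable, type, start_lba, sector_count) for used entries."""
    entries = []
    for i in range(4):
        off = BOOT_CODE_END + i * PART_ENTRY_SIZE
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            entries.append((i, status == 0x80, ptype, start, count))
    return entries

def check_mbr(sector: bytes, baseline_digest: str) -> dict:
    """Compare a dumped sector against a digest recorded while the disk was clean."""
    digest = boot_code_digest(sector)
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": digest,
        "boot_code_changed": digest != baseline_digest,
        "partitions": parse_partitions(sector),
    }

def make_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, one bootable NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + bytes(48)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table + BOOT_SIGNATURE

# Constructed data, not real boot code.
KNOWN_GOOD = make_sample(b"\xfa\x33\xc0" + b"\x90" * 32)
MODIFIED = make_sample(b"\xeb\x3c\x90" + b"\x90" * 32)
BASELINE = boot_code_digest(KNOWN_GOOD)

if __name__ == "__main__":
    for name, dump in (("known-good", KNOWN_GOOD), ("modified", MODIFIED)):
        print(name, check_mbr(dump, BASELINE))
```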

Seems like they're saying that it only targets Award BIOSes. I wondered if that might be just a preliminary run. Where is my tin foil hat when I need it?

  • Moderators

For full protection wear the AFDB

 

BEWARE OF COMMERCIAL AFDBS: Since you should trust no one, always construct your AFDB yourself to avoid the risk of subversion and mental enslavement. Sometimes, AFDBs will be sold on places like eBay. Do not purchase these pre-made AFDBs, even if the seller seems trustworthy. They may contain backdoors, pinholes, integrated psychotronic circuitry or other methods that actually promote mind control.

 

http://zapatopi.net/afdb/

CCleaner documentation can be found here

https://www.ccleaner.com/docs/ccleaner

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 
