New Backdoor Trojan Nukes Windows Boot Process
A new backdoor trojan can halt Windows before the OS completes the boot process.
Microsoft's Chun Feng said Friday that a new piece of malware capable of nuking the Windows boot process has been discovered. Instead of the operating system loading, users are greeted with a black screen displaying a single-line, ASCII-based banner.
"A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine," Feng said. "The modification to the MBR is like the old 'Stoned' virus for DOS. However, in this case, the MBR does nothing but display a banner in the center of the screen and freeze the PC. We detect the new MBR as Trojan:DOS/Yonsole.A."
Yonsole can infect popular, mainstream versions of Windows platforms--XP, Vista, and Windows 7--by dropping a DLL into C:\Windows\System32. The trojan can also dump a DLL into C:\Winnt\System32 on machines running Windows 2000 and NT. Yonsole was actually discovered earlier this month, so most anti-virus programs--including Microsoft Security Essentials--should already provide protection.
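The MBR behaviour Feng describes (boot code replaced, machine frozen at a banner) is exactly the kind of change a defender can catch by comparing the first sector of a disk against a known-good copy. The following Python script is an added example, not code from Microsoft or from the article: it parses a 512-byte MBR (446 bytes of boot code, a 64-byte partition table of four 16-byte entries, and the 0x55AA signature), compares the boot code's SHA-256 against a baseline captured while the machine was clean, and reports any new printable text (a banner) and an emptied partition table. Both sample MBRs, the opcode-like filler bytes, and the banner string are constructed for the demonstration; on a real system the sector would be read from the raw disk device (on Windows `\\.\PhysicalDrive0`, which needs administrator rights), preferably from a clean boot environment rather than from the possibly infected OS.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": mbr[:BOOT_CODE_LEN],
            "partitions": entries,
            "signature_ok": mbr[510:512] == SIGNATURE}


def printable_runs(data: bytes, min_len: int = 12) -> list:
    """Return runs of printable ASCII at least min_len bytes long."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":          # trailing NUL flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    return runs


def check_mbr(mbr: bytes, baseline_boot_code: bytes) -> list:
    """Compare an MBR against known-good boot code; an empty list means no findings.

    A legitimate Windows MBR contains short error strings, so text is only
    reported when it does not also appear in the baseline boot code.
    """
    info = parse_mbr(mbr)
    baseline = baseline_boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(info["boot_code"]).hexdigest() != hashlib.sha256(baseline).hexdigest():
        findings.append("boot code hash differs from baseline")
    for text in set(printable_runs(info["boot_code"])) - set(printable_runs(baseline)):
        findings.append(f"new text string in boot code: {text!r}")
    if all(p["type"] == 0 for p in info["partitions"]):
        findings.append("partition table is empty")
    return findings


def build_sample(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed 512-byte MBR for the demonstration (not a real disk image)."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if boot else 0x00, ptype, lba, n)
                     for boot, ptype, lba, n in partitions).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed baseline: filler bytes plus the usual error string a stock MBR carries.
GOOD_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"Invalid partition table"
GOOD_MBR = build_sample(GOOD_BOOT, [(True, 0x07, 2048, 204800)])

# Constructed tampered sample: boot code replaced by filler and a banner, table zeroed.
BAD_BOOT = b"\x00\x01" + b"*** EXAMPLE BANNER - SYSTEM HALTED ***"
BAD_MBR = build_sample(BAD_BOOT, [])

if __name__ == "__main__":
    for name, sample in (("baseline", GOOD_MBR), ("tampered", BAD_MBR)):
        print(name, check_mbr(sample, GOOD_BOOT) or ["no findings"])
```

The baseline hash is the decisive signal; the text-string and partition-table checks are there to explain what changed. Restoring the sector (as the comments below discuss with `fdisk /mbr`) only helps once the DLL that reissues the modification has been removed, so the comparison is best run from a boot disc before and after cleaning.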
Not necessarily accurate. If the system is still infected, repairing/replacing the MBR won't matter, as when you boot back into Windows it could just reinfect your system again.
I will start to fear when they will attack my motherboard BIOS... until then, AVG is doing the job.
I do believe a while back there was a virus that did exactly that. It was early on when mobo makers started using flash to store the BIOS. Nowadays, they have a removable chip that you can replace (or high-end systems with two separate copies of the BIOS) in the event that you flash improperly, or heaven forbid, another nefarious virus figures out a good way to wipe it out on you.
Back then, the virus basically shelled your mobo and you had to get a new one.
Google the CIH Virus
Not to mention formatting your MBR would sacrifice your OS settings... thus making you reinstall your OS.
Not necessarily accurate. If the system is still infected, repairing/replacing the MBR won't matter, as when you boot back into Windows it could just reinfect your system again.
True, but that would at least let you run an antivirus program and find the dll. That avoids having to wipe your drive and lose everything.
All fdisk /mbr would do is clear the MBR (more or less), not really do anything directly relating to fixing it.
When UEFI comes out, if a virus was to take over THAT firmware then your computer would be screwed, could do almost anything!
/kill C Drive
Are you the CEO of lifelock?
Formatting your MBR does not sacrifice your OS settings in any way.
Another alternative would consist of loading a pre-installed environment via disc/flash drive, then running a virus scan from there.
Preferably the newest Windows PE where you can run the recovery console right after.