Warning: Stealth Rootkit infecting MBR (Windows Machines)
Ok, this applies to any Windows 2000, XP, 2003 or Vista machine. Possibly Windows NT as well (can’t confirm).
Ok, in layman’s terms this is nasty. This rootkit hooks itself into the MBR of your PC, meaning it loads before Windows starts. It then has complete control over your system and can install whatever it wants, mostly keyloggers, which then steal your banking information. Your current anti-virus and anti-spyware protection will probably find these keyloggers and delete them, but the rootkit will just reinstall them on the next bootup, meaning you can’t win.
Finding rootkits is never easy, and not all rootkit detection software will find a rootkit. GMER will find this particular rootkit, and solving the problem is relatively easy.
Finding it
Start by downloading GMER from here. It comes zipped up, so extract it to your desktop for the time being. Now go here. It contains a lot of complex information about how the rootkit works, which will just confuse and bemuse, so skip down to “Detection”. Read that section, run GMER from your desktop and see what it reports. If you are infected with this rootkit the fix is to run fixmbr from the Windows Recovery Console. The Recovery Console is run from a Windows CD, so make sure yours is handy.
HOWEVER, DO NOT DO THIS IF YOU DUAL BOOT OR HAVE A RECOVERY PARTITION. If you do this on a dual-boot system you should be prepared to reinstall your boot manager (LILO, GRUB, etc.). If you have a recovery partition you may lose access to it and/or cause your system to not boot correctly, because certain manufacturers use their own MBRs on the hard drives in their machines. An alternative is to back up your MBR onto a floppy so that you can restore a good copy should yours become infected or damaged. Now I have no idea how to do this, so you may need to Google around. If you installed your OS from scratch then do not worry, just run fixmbr.
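A backup of the MBR is only useful if you can tell when the live copy has drifted from it. The script below is an added example, not part of the original post or of GMER: it parses a raw 512-byte MBR image (446 bytes of bootstrap code, a four-entry partition table, and the 0x55AA boot signature) and compares a saved known-good copy against the current sector. It assumes you already have both sectors as files (for example dumped with a disk-imaging tool); the two sample images inside the script are constructed test data, not real disk dumps or a real rootkit's code. A bootkit of the kind described above overwrites the bootstrap code while leaving the partition table intact, which is exactly the case the comparison singles out.

```python
"""Compare a backed-up MBR against the current first sector and report what changed."""
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bootstrap code area, everything before the partition table
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510        # last two bytes must be 0x55 0xAA


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class Mbr:
    boot_code: bytes
    partitions: List[PartitionEntry]
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    """Split one 512-byte sector into bootstrap code, partition table and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # byte 0: status (0x80 = bootable), byte 4: type, bytes 8-11: LBA start,
        # bytes 12-15: sector count; CHS fields (bytes 1-3 and 5-7) are skipped.
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        partitions.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    signature_ok = sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa"
    return Mbr(sector[:BOOT_CODE_LEN], partitions, signature_ok)


def compare_mbr(backup: bytes, current: bytes) -> List[str]:
    """Return a list of findings; an empty list means the live MBR matches the backup."""
    findings = []
    good = parse_mbr(backup)
    now = parse_mbr(current)
    if not now.signature_ok:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if good.boot_code != now.boot_code:
        first = next(i for i in range(BOOT_CODE_LEN) if good.boot_code[i] != now.boot_code[i])
        findings.append(f"bootstrap code differs from backup (first change at offset {first})")
    if good.partitions != now.partitions:
        findings.append("partition table differs from backup")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte MBR image for demonstration (not a real disk dump)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # one bootable NTFS-type (0x07) partition starting at LBA 63; remaining entries empty
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 2_000_000) + b"\x00" * 48
    return code + table + b"\x55\xaa"


# Constructed samples: the "clean" bootstrap starts with a common real-mode prologue
# (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00); the "tampered" one has had that code
# replaced while the partition table is left untouched, as a bootkit would.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x20" + b"\x90" * 6)


if __name__ == "__main__":
    # Usage: python mbr_check.py <backup.bin> <current.bin>; without arguments, run the samples.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            backup, current = f1.read(SECTOR_SIZE), f2.read(SECTOR_SIZE)
    else:
        backup, current = CLEAN_MBR, TAMPERED_MBR
    for line in compare_mbr(backup, current) or ["MBR matches backup"]:
        print(line)
```

Run it with two files to check a real backup against a fresh dump of sector 0; with no arguments it compares the built-in samples and reports that the bootstrap code differs at offset 0 while the partition table is unchanged. If only the partition table differs, that usually reflects a legitimate repartition rather than an infection, which is why the two findings are reported separately.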
Oh yeah, this rootkit generally seems to infect users who are using Internet Explorer (lax security just lets things install), just another reason why I suggest switching to Firefox.
[Source: BBC NEWS ARTICLE]