SECHOTECH, LLC - Computer & Laser Printer Services


Nasty Rootkit Trojan making the rounds

7/1/2011

A new variant of the Popureb Trojan burrows so deep into the Windows operating system that Microsoft recommends users either reinstall the OS or repair the master boot record in order to remove it, Microsoft said.

The "Popureb" Trojan corrupts the hard drive's master boot record to such an extent that the only way to remove it is to run the Windows Recovery Console to rewrite the sectors to a clean state, Microsoft Malware Protection Center engineer Chun Feng wrote in an advisory posted on the Threat Research and Response blog on June 22.

The Trojan was recently updated with a driver component that prevents the malware from being modified by any external process, according to Feng. The component accesses the DriverStartIO routine in the device driver to run its own code.

Trojan:Win32/Popureb.E overwrites the first sector on the hard drive so that it runs at boot time. The MBR is generally invisible to both the operating system and security software. To ensure it can't easily be removed, Popureb intercepts any command that would overwrite the MBR, or any other part of the hard drive where the malware is installed, and replaces it with a read command. The operation appears to succeed and no error is reported, but no new data is actually written to the disk. This means that when security software attempts to remove the malware, the removal silently fails because it cannot overwrite the MBR or the infected sector.
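The write-to-read downgrade described above is why a remediation tool must never trust a driver's "success" return code alone. The following is an added illustration, not code from the post or from Microsoft: an in-memory disk model with a hypothetical hooked driver that silently turns writes to sector 0 into reads, and a defender-side write-and-verify check that catches it by reading the sector back.

```python
# Added example (not from the original post): simulating Popureb-style
# write interception on sector 0 and the read-back check that exposes it.
SECTOR_SIZE = 512


class Disk:
    """Constructed in-memory disk with a handful of 512-byte sectors."""
    def __init__(self, sectors=4):
        self.sectors = [bytes(SECTOR_SIZE) for _ in range(sectors)]

    def read(self, lba):
        return self.sectors[lba]

    def write(self, lba, data):
        assert len(data) == SECTOR_SIZE
        self.sectors[lba] = bytes(data)
        return True  # the driver reports success


class HookedDisk(Disk):
    """Hypothetical rootkit behaviour: writes to protected sectors are
    downgraded to reads and still reported as successful."""
    def __init__(self, protected=(0,), **kw):
        super().__init__(**kw)
        self.protected = set(protected)

    def write(self, lba, data):
        if lba in self.protected:
            self.read(lba)   # the write is silently turned into a read
            return True      # ...and the caller still sees "success"
        return super().write(lba, data)


def clean_mbr_sector():
    """Constructed stand-in for a clean boot sector: zeros plus the
    0x55AA boot signature in the last two bytes."""
    return bytes(SECTOR_SIZE - 2) + b"\x55\xaa"


def write_and_verify(disk, lba, data):
    """Defender-side check: after a remediation write, read the sector
    back and compare instead of trusting the driver's return value."""
    if not disk.write(lba, data):
        return False
    return disk.read(lba) == bytes(data)


def remediation_status(disk):
    """'clean' if the MBR rewrite actually landed on disk, otherwise
    'write-intercepted' because the read-back shows no change."""
    ok = write_and_verify(disk, 0, clean_mbr_sector())
    return "clean" if ok else "write-intercepted"


if __name__ == "__main__":
    print(remediation_status(Disk()))         # clean
    print(remediation_status(HookedDisk()))   # write-intercepted
```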

Most members of this particular malware family are fake antivirus software, but this variant "might be a little more severe," Symantec said, while pointing out that the Trojan doesn't do anything that "Trojan.Tidserv doesn't already do." The company has asked Microsoft for a sample to analyze further, according to the statement.

Fraud alert: MS Removal Tool

5/13/2011

Cybercriminals are circulating a new piece of fake security software that spoofs a Microsoft security tool. It's called the "MS Removal Tool."

When you start your computer, you see an MS Removal Tool window that blocks you from reaching your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This is the result of malware (a variant of Win32/Winwebsec) infecting your computer.

If you see a pop-up ad or an email for the "MS Removal Tool," ignore it.

If you already have this malware on your computer, you might not be able to access Internet Explorer or any other programs.

As always, we highly recommend that our users keep their computers up to date and run a good antivirus application.

A good and free choice is Microsoft's own Microsoft Security Essentials.

If you can access Internet Explorer or another web browser, you can also use the Microsoft Safety Scanner to scan your computer and remove the MS Removal Tool.

Be safe!
© Copyright 2011 - SechoTech, LLC