I had a client the other day with this problem. Can't remember what I did to fix it.
Quote:
MBR has been changed, possible virus, boot? [Y]/[N]
Think I just did fixboot & fixmbr.
MBR rootkits aren't new. In fact, I've seen them for years. What is new(er) is the professional level of development that MBR rootkits are seeing. Why? Because criminals know that endpoints are (for the most part) defenseless against this type of vector. Projected profits from MBR rootkits are high, hence, all the love from the bad guys.
Someone mentioned kernel hooks. The issue with that is the way the rootkit hooks the kernel. Without spinning into a technonerd discussion, it would be like looking for a white collar criminal in a sea of others wearing suits. On the surface, they all look the same. The criteria needed to detect the hook would be extensive. Anyway, fwiw.
--Th13
I do recall reading about the potential for flashing malware into the various bits of firmware/BIOS memory on motherboards, but I haven't heard of anything in the wild yet.