http://cdonner.com/mebroot-root-kit-infection.htm We know accurately only when we know little, with knowledge doubt increases. (Goethe) Mon, 06 Feb 2012 12:46:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://cdonner.com/mebroot-root-kit-infection.htm/comment-page-1#comment-4978 Christian Donner Thu, 16 Apr 2009 12:21:28 +0000 http://cdonner.com/?p=496#comment-4978 Mjt, unfortunately I did not run RootKitRevealer prior to running FixMbr. It did not reveal anything afterwards. I ran Combofix, however, for the first time on my machine, and it found and removed a handful files, one or two of which could have been related. Mjt, unfortunately I did not run RootKitRevealer prior to running FixMbr. It did not reveal anything afterwards. I ran Combofix, however, for the first time on my machine, and it found and removed a handful files, one or two of which could have been related.

]]> http://cdonner.com/mebroot-root-kit-infection.htm/comment-page-1#comment-4975 mjt Thu, 16 Apr 2009 11:23:20 +0000 http://cdonner.com/?p=496#comment-4975 So, would RootkitRevealer have helped/detected this strain? I've seen no mention whether this has been tried, although I've seen references to GMER. Interesting read: http://forum.sysinternals.com/forum_posts.asp?TID=18626 So, would RootkitRevealer have helped/detected
this strain? I’ve seen no mention whether this
has been tried, although I’ve seen references
to GMER. Interesting read:
http://forum.sysinternals.com/forum_posts.asp?TID=18626

]]> http://cdonner.com/mebroot-root-kit-infection.htm/comment-page-1#comment-4436 TrustDefender Labs » New Mebroot Sinowal MBR Torpig variant in the wild - virtually undetected and more dangerous than ever Sun, 05 Apr 2009 09:10:00 +0000 http://cdonner.com/?p=496#comment-4436 [...] However now since March 26, 2009 we are seeing a completely new variant with major “improvements” or “enhancements” and a clear focus on being undetected. It defeats all detection tools and methods in place today - (e.g. GMER has provided a technical analysis with a detection/removal tool here. However it is useless with this new variant). Your current Antivirus Solutions are almost all ineffective as Christian Donner wrote in his blog how he got infected even though he runs an on-access scanner with full scans from 3 different well known AV vendors. His special Linux boot CD with Kaspersky, Avira Antivir and Bitdefender didn’t detect anything! (http://cdonner.com/mebroot-root-kit-infection.htm) [...] [...] However now since March 26, 2009 we are seeing a completely new variant with major “improvements” or “enhancements” and a clear focus on being undetected. It defeats all detection tools and methods in place today - (e.g. GMER has provided a technical analysis with a detection/removal tool here. However it is useless with this new variant). Your current Antivirus Solutions are almost all ineffective as Christian Donner wrote in his blog how he got infected even though he runs an on-access scanner with full scans from 3 different well known AV vendors. His special Linux boot CD with Kaspersky, Avira Antivir and Bitdefender didn’t detect anything! (http://cdonner.com/mebroot-root-kit-infection.htm) [...]

]]>