| Thread ID: 136471 | 2014-03-03 05:59:00 | Possible Trojan? | Poppa John (284) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1369222 | 2014-03-08 07:37:00 | oops double posted | wainuitech (129) | ||
| 1369223 | 2014-03-08 08:12:00 | "in fact a few even kill the booting from USB & CD" Do you know the name of the virus which does this? It sounds very interesting. Since AFAIK the BIOS handles that, so the virus would have to infect the BIOS to cause that problem. I have not noticed or heard this behavior before - except here: arstechnica.com ("The most visible sign of contamination is a machine's inability to boot off a CD") | Agent_24 (57) | ||
| 1369224 | 2014-03-08 08:35:00 | "Do you know the name of the virus which does this? It sounds very interesting. Since AFAIK the BIOS handles that, so the virus would have to infect the BIOS to cause that problem. I have not noticed or heard this behavior before - except here: arstechnica.com ('The most visible sign of contamination is a machine's inability to boot off a CD')" It was one similar to what PJ was asking about but more nasty. I was up Plimmerton the other day, had Hitman Pro with Kickstart on a USB drive, set the BIOS to boot the USB drive first, which it did, but the moment Hitman tried to load, the infection killed the boot sequence. Once the infection was disabled (actually Nod32 got it) I had forgotten to remove the USB drive and it booted from it fine & ran the programs as it was meant to. Can't remember the infection's name, BUT it wasn't named (??? .exe) or in the usual location these things sit. | wainuitech (129) | ||
| 1369225 | 2014-03-08 09:08:00 | Oh right, so the BIOS did try to load from USB but then that was intercepted somehow and failed? I thought you meant it stopped even the BIOS from loading USB\CD at all! Must be some pretty good low-level rootkit or boot-sector virus perhaps, then. Glad I haven't encountered it so far... Though I wonder, how it would intercept the boot procedure from a different drive? I thought the machine wouldn't go near the infected drive provided it was booting from somewhere else. Sounds pretty clever to manage that. Haven't found anything online yet but I managed to find this which was interesting: thehackernews.com | Agent_24 (57) | ||
| 1369226 | 2014-03-08 09:17:00 | With Hitman Pro Kickstart, you select it to boot from a USB drive - select option 1 (normally), bypass boot sector options (similar wording), the computer boots and Hitman is meant to detect and disable the infection; this one decided it wasn't going to play nice. Nod32 did catch it though during the boot, so I'm guessing Hitman did slow it down. Then when it ran manually (Hitman) it located the rest and the "backup" the infection had made. These infections have a habit of creating a backup/copy so when you think it's gone it actually reappears a short time later, because it was never fully removed in the first place. | wainuitech (129) | ||
| 1369227 | 2014-03-08 21:52:00 | Ah, I think I misunderstood. I thought you meant the virus interferes with the bootcode on the USB drive - forgetting that Hitman starts the Windows system afterwards, along with the infection you described. But can this virus interfere with other bootable tools that don't load anything from the Windows drive? | Agent_24 (57) | ||
| 1369228 | 2014-03-08 22:08:00 | Seen quite a few over the years that disable a bootable CD. | wainuitech (129) | ||