
Trojan requires infected Windows users do a System Restore

By Jos · 12 replies
Jun 28, 2011
  1. Microsoft has warned of a new malware threat affecting Windows users that can only be completely removed by restoring the system to a previous state or wiping it altogether. According…

  2. wcbert

    wcbert TS Rookie Posts: 74

    "If it finds the write operation is trying to overwrite the MBR or the disk sectors containing malicious code, it simply replaces the write operation with a read operation. The operation will still succeed, however, the data will never actually be written onto the disk."

    Very clever, and that's why you have to never let your guard down.
  3. freedomthinker

    freedomthinker TS Enthusiast Posts: 140

    Meh. Just turn off the net. Problem solved!
  4. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    Insufficient: it can ride a USB thumbdrive and infect you there, or
    infect you via a fileshare you access on your LAN.

    What you click matters
  5. Rick

    Rick TechSpot Staff Posts: 4,572   +65

    Since this 'hook' is only active in an infected Windows install, changing your MBR outside of Windows ought to do the trick, i.e. boot to a Windows XP install disc and "fixmbr", or "bootrec /fixmbr" for Vista/7.

    Leave that disc in and boot up back into your current installation of Windows... Then Start > Run > sfc /scannow and you should be OK? You could use System Restore too, I suppose, but when you're a hammer every problem looks like a nail, I guess. :)
  6. Hahaha Rick, you're funny!
  7. Additional protection on top of an antivirus real-time guard and an antimalware scanner can be had with proactive protection software (for unknown viruses, if your antivirus doesn't have this).

    Some free programs like these:
    - Outpost Firewall Free 6.51 (you can download it from FileHippo).
    - Comodo Firewall (or Internet Security)
    - PcTools ThreatFire

    - Also, you can protect files and folders with "System Protect" and use passive protection for IE with "SpywareBlaster".

    - Finally, "WinPatrol" will alert you of changes to your system.
  8. Could you not use AVG's Rescue CD, as you're not scanning through Windows, or take the hard drive out and scan it on another computer, as the driver won't be actively working? Or am I missing something here?
  9. PanicX

    PanicX TechSpot Ambassador Posts: 669

    I would expect using a BartPE or LiveCD and then virus scanning the inactive hard drive would point out the infected driver and result in a clean system. Unless there's more to the infection than the article describes.
  10. Tanstar

    Tanstar TS Evangelist Posts: 581   +159

    I've been using ZoneAlarm for years, has it fallen behind?
  11. I have been using NOD 32 for 5 years now... USE IT. ;)
  12. example1013

    example1013 TS Enthusiast Posts: 265

    I'd figured there would have to be a way to fix the MBR from outside of Windows. There's no way your computer could completely lock you out. I guess if your last clean system restore point would net you a loss of a lot of info, a method like this would be more convenient.
  13. Alternatively, can't you just boot up mini xp or something and "rescue" important data, then format or whatever? Seems like a much easier fix imo.
