David H. Lipman wrote:
> From: "~BD~"<~BD~@nomail.afraid.org>
>
>> You've advised that this is impossible!
>>
>> Your comments requested on this item:-
>>
>> **
>>
>> Security specialists have recently discovered a virus that makes its way into the BIOS,
>> making it very hard to get rid of using current commercial anti-virus solutions.
>>
>> The virus called Mebromi seems to be focused towards Chinese users, especially AMI BIOS
>> owners, but this doesn't mean that the rest of the world is safe, as this could
>> represent a gate opener for hackers who want to make sure our computers remain under
>> their control.
>>
>>
>> A full description of the way Mebromi functions was posted on the Webroot Threat Blog,
>> giving us an insight on how this malicious element makes its way to the very core of a
>> computer.
>>
>> The BIOS rootkit, an MBR rootkit, a kernel mode rootkit, a PE file injector and a Trojan
>> downloader are the elements encapsulated in this potentially destructive malware, which
>> at the moment is unable to cause any damage to machines running 64-bit operating systems
>> if the user privileges are limited.
>>
>> The whole thing starts with a few files that try to access the kernel to load the
>> virus's own kernel driver that will later generate the serious part of the infection.
>>
>> After it successfully infects the BIOS using a file called Cbrom.exe, which is a
>> legitimate tool developed by Phoenix Technologies designed to modify the Award/Phoenix
>> system's ROM binaries, it moves to infecting the master boot record of the device.
>>
>> The winlogon.exe or wininit.exe files are also corrupted and injected with code that
>> will generate the download of additional infections.
>>
>> http://news.softpedia.com/news/Mebro...d-221702.shtml

>
> It is a trojan, not a virus and we already established the fact it is in the wild and was
> found in China.



Have you actually *read* the Webroot article, David?

http://blog.webroot.com/2011/09/13/m...t-in-the-wild/

Btw .......

There was a time when you, DHL, used to publish quite a long list of
URLs - places for folk to visit to get detailed help with interpreting
their HJT logs.

For a long time, you never included www.aumha.net - yet after I
questioned you about same you did, eventually, include Aumha in that list.

This is the relevant URL for Malware removal:-

http://www.aumha.net/viewforum.php?f...t&sd=d&start=0

Do you still publish that list? (If so, where, please?)

Do you still include Aumha in such a listing?

Do you consider Aumha a 'safe' place to visit and the advice given there
to be 'sound'?
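A check a reader of this thread may want, added here as an example and not taken from the Webroot or Softpedia write-ups: the quoted article says the malware overwrites the master boot record after the BIOS stage, and an MBR rootkit's usual footprint is a replaced 446-byte bootstrap area with the partition table left intact so the machine still boots. The script below parses a 512-byte MBR, records a SHA-256 of the bootstrap code plus the partition table from a known-clean machine as a baseline, and reports what differs in a sector read later. The two sample sectors are constructed for the example and are not Mebromi or Windows loader bytes; the device paths in read_mbr are the usual ones and reading them needs administrator/root rights.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0-445: bootstrap code (what a bootkit overwrites)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"     # bytes 510-511


def read_mbr(device_path: str) -> bytes:
    # Read sector 0 from a raw device: \\.\PhysicalDrive0 on Windows (run elevated)
    # or /dev/sda on Linux (run as root). Not called in the sample run below.
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a bootstrap-code hash and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[-2:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def record_baseline(sector: bytes) -> dict:
    """Capture what to compare against later; take it from a known-clean machine."""
    info = parse_mbr(sector)
    return {"boot_code_sha256": info["boot_code_sha256"],
            "partitions": info["partitions"]}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if info["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    # A bootkit keeps the partition table so the OS still starts and replaces
    # only the loader; call that specific pattern out explicitly.
    if findings == ["bootstrap code differs from baseline"]:
        findings.append("loader replaced while partition table intact: bootkit-style change")
    return findings


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from bootstrap bytes and (status, type, lba, count) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\x00" * 3, t, b"\x00" * 3, lba, cnt)
                     for s, t, lba, cnt in entries)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIG


# Constructed samples (not real Mebromi or Windows loader bytes): a "clean" sector
# and one whose loader was swapped while the partition table was left alone.
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 204800)])
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\x00" * 40 + b"\xfa\x33\xc0",
                         [(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    baseline = record_baseline(CLEAN_MBR)
    print("clean:   ", check_mbr(CLEAN_MBR, baseline))
    print("tampered:", check_mbr(TAMPERED_MBR, baseline))
```

Record the baseline once, on a machine you trust, and keep it off that machine; a check that compares sector 0 against a hash stored on the same disk tells you nothing once the loader has been replaced. It also only covers the MBR stage of the chain the article describes: a BIOS-resident component would survive rewriting the MBR, so a clean result here does not clear the firmware.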