On Sun, 09 Oct 2011 18:57:21 +0100, ~BD~ wrote:
> David H. Lipman wrote:
>> From: "~BD~"<~BD~@nomail.afraid.org>
>>
>>> You've advised that this is impossible!
>>>
>>> Your comments requested on this item:-
>>>
>>> **
>>>
>>> Security specialists have recently discovered a virus that makes its
>>> way into the BIOS, making it very hard to get rid of using current
>>> commercial anti-virus solutions.
>>>
>>> The virus called Mebromi seems to be focused towards Chinese users,
>>> especially AMI BIOS owners, but this doesn't mean that the rest of the
>>> world is safe, as this could represent a gate opener for hackers who
>>> want to make sure our computers remain under their control.
>>>
>>>
>>> A full description of the way Mebromi functions was posted on the
>>> Webroot Threat Blog,
>>> giving us an insight on how this malicious element makes its way to
>>> the very core of a computer.
>>>
>>> The BIOS rootkit, an MBR rootkit, a kernel mode rootkit, a PE file
>>> injector and a Trojan downloader are the elements encapsulated in this
>>> potentially destructive malware, which at the moment is unable to
>>> cause any damage to machines running 64-bit operating systems if the
>>> user privileges are limited.
>>>
>>> The whole thing starts with a few files that try to access the kernel
>>> to load the virus's own kernel driver that will later generate the
>>> serious part of the infection.
>>>
>>> After it successfully infects the BIOS using a file called Cbrom.exe,
>>> which is a legitimate tool developed by Phoenix Technologies designed
>>> to modify the Award/Phoenix system's ROM binaries, it moves to
>>> infecting the master boot record of the device.
>>>
>>> The winlogon.exe or wininit.exe files are also corrupted and injected
>>> with codes that will generate the download of additional infections.
>>>
>>> http://news.softpedia.com/news/Mebro...us-Out-in-the-Wild-221702.shtml
>>
>> It is a trojan, not a virus and we already established the fact it is
>> in the wild and was found in China.
>
>
> Have you actually *read* the Webroot article, David?
>
> http://blog.webroot.com/2011/09/13/m...os-rootkit-in-the-wild/
>
> Btw .......
>
> There was a time when you, DHL, used to publish quite a long list of
> URLs - places for folk to visit to get detailed help with interpreting
> their HJT logs.
>
> For a long time, you never included www.aumha.net - yet after I
> questioned you about same you did, eventually, include Aumha in that
> list.
>
> This is the relevant URL for Malware removal:-
>
> http://www.aumha.net/viewforum.php?f...t&sd=d&start=0
>
> Do you still publish that list? (If so, where, please?)
>
> Do you still include Aumha in such a listing?
>
> Do you consider Aumha a 'safe' place to visit and the advice given there
> to be 'sound'?
UNNECESSARY CROSSPOSTING REMOVED
HTH
--
America is the only country that went from barbarism to decadence without
civilization in between. - Oscar Wilde
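The quoted Softpedia summary says Mebromi moves from the BIOS to infecting the master boot record. From a defender's side, the MBR is the one component of that chain that is cheap to baseline and re-check: it is a fixed 512-byte layout (440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries, and the 0x55AA boot signature). The Python below is an added example written for this thread, not code from Webroot, Softpedia or either poster: it parses that layout, hashes the boot-code region, and compares it with a known-good hash. The MBR images it uses are constructed in the script (the "tampered" one simply has its first bytes overwritten), so it runs offline; reading a real first sector from a raw device path needs administrator rights and a baseline taken from a state you trust, and validating the BIOS image itself is vendor-specific and outside this check.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot code
DISK_SIG_OFF = 440        # bytes 440..443: disk signature; 444..445 normally zero
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Decode a raw 512-byte MBR into its fixed-layout fields."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    boot_code = mbr[:BOOT_CODE_LEN]
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes skipped), type, CHS end (3 skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "valid_signature": mbr[510:512] == BOOT_SIGNATURE,
    }


def verify_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Compare an MBR with a known-good baseline; return human-readable findings (empty = clean)."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code hash differs from baseline: possible MBR rootkit or bootloader change")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable: partition table is inconsistent")
    return findings


def build_sample_mbr(boot_code_prefix: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): one NTFS-type partition at LBA 2048."""
    boot_code = boot_code_prefix + b"\x00" * (BOOT_CODE_LEN - len(boot_code_prefix))
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry0 + b"\x00" * (PART_ENTRY_LEN * 3)
    mbr = boot_code + disk_sig + table + BOOT_SIGNATURE
    assert len(mbr) == MBR_SIZE
    return mbr


# Constructed fixtures: a "clean" MBR and the same one with its first bytes overwritten,
# standing in for a boot sector whose entry point has been redirected.
CLEAN_MBR = build_sample_mbr(b"\xeb\x3c\x90")   # short jump + nop, typical of real boot code
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
TAMPERED_MBR = build_sample_mbr(b"\xe9\x00\x01")

if __name__ == "__main__":
    print("clean   :", verify_mbr(CLEAN_MBR, BASELINE_SHA256) or ["no findings"])
    print("tampered:", verify_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

The baseline hash covers only the 440-byte boot-code region, because the disk signature and partition table legitimately change when volumes are added or resized; a hash over the whole sector would raise false alarms on every such change while hiding nothing extra about the code that actually runs at boot.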