jamers

New Twist On An Old Backdoor Trojan
Suspect this trojan infects or changes BIOS settings


It seems there is a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans that is disguised as Microsoft Security Adviser. This is quite nasty because it infects system files and is very difficult to remove. Trend Micro has a nice online tool called HouseCall, but this trojan survived that, so you have to look elsewhere to remove it. No telling what the triggers are, but I simply removed the files and the registry keys pointing to them and now I can't even get into my BIOS.

Search for msscan.exe. If you have it, then find RegRun on the net; they claim it removes msscan.exe. Greatis claims RegRun removes msscan.exe, but they also claim it is a different worm (W32.Kedebe.B@MM) than Anubis reports.

I will post additional information as soon as I find out if I can recover in a non-destructive fashion. If anyone finds instructions or free tools that might help recover once the trojan has already disabled keyboard and mouse, please post here.


This trojan is affecting the boot sector or is located in the boot sector. It is also apparent that the bugger encrypts the master boot record. Since the only action I took was to remove the keys in the registry and delete the files, this must be the case, explaining why it is so difficult to remove. Can't boot without it; use it and it respawns. Very nice. I just hope there is no way it could be hiding something in my BIOS. Time will tell; I'm about to start reinstalling right now.

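The post above suspects that the malware lives in the boot sector and encrypts the master boot record. One defender-side check a practitioner would want at this point is a way to read a raw 512-byte MBR image (for example, one dumped from the disk while booted from clean rescue media) and look for signs of tampering: a missing boot signature, implausible partition entries, and boot code whose byte entropy looks like ciphertext rather than ordinary loader code. The script below is an added example written for this page; it is not code from the thread, from Trend Micro, Greatis or Anubis, and the two sample MBR images in it are constructed, not captured from an infected machine. The entropy threshold is a heuristic chosen for the example.

```python
"""Heuristic MBR inspector (added example, not from the forum thread).

Reads a 512-byte master boot record image and flags signs of tampering:
a missing boot signature, implausible partition entries, and boot code
whose byte entropy looks like ciphertext rather than ordinary 16-bit
loader code. The sample images below are constructed for the example.
"""
import math
import random
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510          # bytes 510..511 must be 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"
ENTROPY_THRESHOLD = 7.0         # heuristic; plain boot code with zero padding is far below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_partition_table(mbr: bytes) -> list:
    """Return the four partition entries as dicts (CHS fields are skipped)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def inspect_mbr(mbr: bytes) -> dict:
    """Return {'suspicious': bool, 'findings': [...], 'entropy': float}."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected sector size {len(mbr)}")
        return {"suspicious": True, "findings": findings, "entropy": 0.0}
    if mbr[SIGNATURE_OFFSET:] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    entropy = shannon_entropy(mbr[:BOOT_CODE_SIZE])
    if entropy > ENTROPY_THRESHOLD:
        findings.append(f"high-entropy boot code ({entropy:.2f} bits/byte)")
    active = 0
    for idx, e in enumerate(parse_partition_table(mbr)):
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {idx}: invalid status byte {e['status']:#04x}")
        if e["status"] == 0x80:
            active += 1
        if e["type"] != 0 and e["sectors"] == 0:
            findings.append(f"partition {idx}: type {e['type']:#04x} with zero length")
    if active > 1:
        findings.append(f"{active} partitions marked active")
    return {"suspicious": bool(findings), "findings": findings, "entropy": entropy}


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte partition entry with zeroed CHS fields (constructed data)."""
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


# Constructed sample 1: ordinary-looking MBR (short loader stub, error text, zero padding).
_boot_stub = bytes(range(0x33, 0x60)) + b"Invalid partition table\x00"
BENIGN_MBR = (_boot_stub.ljust(BOOT_CODE_SIZE, b"\x00")
              + _entry(0x80, 0x07, 2048, 1_000_000) + _entry(0, 0, 0, 0) * 3
              + BOOT_SIGNATURE)

# Constructed sample 2: boot code replaced by ciphertext-like bytes, signature left intact.
_rng = random.Random(1)
_encrypted_code = bytes(_rng.getrandbits(8) for _ in range(BOOT_CODE_SIZE))
TAMPERED_MBR = (_encrypted_code
                + _entry(0x80, 0x07, 2048, 1_000_000) + _entry(0, 0, 0, 0) * 3
                + BOOT_SIGNATURE)

if __name__ == "__main__":
    for name, image in (("benign", BENIGN_MBR), ("tampered", TAMPERED_MBR)):
        report = inspect_mbr(image)
        print(name, "suspicious" if report["suspicious"] else "clean", report["findings"])
```

Run it on a real image by reading the first 512 bytes of the disk device from rescue media and passing them to `inspect_mbr`. An intact signature with ciphertext-like boot code is exactly the combination a bootkit that encrypts the original MBR leaves behind; comparing the image against a known-good copy (or a freshly written one) is the confirming step.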

BIOS settings were changed so there was no way to access without first clearing CMOS.

CRAP. Never allowing DIV-X to install from anywhere but the makers.
I suggest you all do the same.
