MBR rootkits are here

A recent article in PC World reports a new rootkit that overwrites the MBR as a means of hiding the Trojan that it installs to steal banking information. See:

http://www.pcworld.idg.com.au/index.php/id;375493008

This is nearly impossible for current Anti-malware software to detect. So add MBR management to the CAVS wishlist.

MBR rootkits are not new things; in fact they are used by many well-known programs which back up your disk and OS to load their drivers before NTFS loads.

They are used to load a non-Windows OS to back up disk data to a hidden partition (of course by manipulating the disk table).

They are also used to read the NTFS to know which files to back up before Windows is loaded. They are not harmful once the Windows kernel is fully loaded.

As reminded on the link, MBR modifications need administrative rights and MBR writing rights to take place:
I agree MBR rootkits are a very tough job to get rid of when installed, but I don't see the point in MBR rootkit software protection: just always log in with limited rights and use the BIOS function forbidding writes to the MBR.

They can't pass CPF v3!

Melih

But I suppose they would pass CPF 2.4, and I also suppose there will be no more updating of CPF 2.4 while it stays impossible for Windows 2000 users to run CPF 3.0.

Good news! Continue running admin account.
Thanks :-TU

Who made a VIRUS using my initials? Where's a good lawyer when you need one? This must be some sort of defamation of character. I'll sue, I tell ya, I'll sue.

Now if only I could find 'em ???

Matty B Riggers

Melih, dear Webmaster,

I feel I have in several circumstances made the same question/comment.

Of course, you don’t owe me or anyone else any kind of answer, but your silence is somewhat strange.
One cannot have the butter and the money for the butter: if CPF 2.4 is not to be upgraded anymore, there’s no shame in saying it clearly.

But you are maybe afraid that some people, unable to change to CPF 3.0, or having some personal reasons to stay using simultaneously CPF and some conflicting third-party driver/security software, would change their mind about CPF 3, aren't you?

It is not enough to claim your own software is good, and I agree CPF 2.4 is good: it would really be perfect to listen to a great diversity of users. I suppose this forum only exists for everyone to progress together, and to allow most of them to choose the options they want or do not want to be enforced.