Back to the 90s
I remember back when boot-sector viruses were the norm. Over the last 2 decades, this changed to infected EXEs, then email worms, then drive-by malware and then hidden services and rootkits. Over that time traditional antivirus vendors seem to have forgotten about boot sectors and MBRs and focus purely on file-level detection. Whoops. Round we go again. Considering how easy it is to compare the boot-region with a known good example, or indeed a previous backup of the current boot-region, it's damn negligent for the current generation of antivirus applications not to check for this!
I've personally had to clean TDL4 from a few clients' machines in the last few weeks - I have to say it's extremely impressive in its sophistication. Additionally, most of the TDL4-specific removal tools and my favourite ComboFix, which 'clean' the MBR, only replace the first chunk of the MBR and not the whole code, causing Vista, in particular, to go into a 0x0000008E endless loop on boot up. The fix for this seems to be to use 'Testdisk' to write a new MBR, which kills the boot process completely, then use the Vista CD's repair startup option to create a fresh boot-region.
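The comparison against a known-good copy that the comment above describes, sketched as an added example that is not part of the original comment. It assumes the classic 512-byte MBR layout and checks sector 0 only; the function names and sample sectors are constructed for illustration, and the per-region offsets also show when only part of the boot code was rewritten.

```python
import hashlib

SECTOR = 512
# Classic MBR layout, byte offsets [start, end) within sector 0.
REGIONS = {
    "bootstrap_code": (0, 440),
    "disk_signature": (440, 446),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}

def read_sector0(path):
    """Read sector 0 from a disk image or raw device (needs admin rights)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

def compare_mbr(baseline, current):
    """Per-region diff of two MBR sectors: (first offset, last offset, count)."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector each")
    changed = {}
    for name, (start, end) in REGIONS.items():
        diffs = [i for i in range(start, end) if baseline[i] != current[i]]
        if diffs:
            changed[name] = (diffs[0], diffs[-1], len(diffs))
    return {
        "signature_ok": current[510:512] == b"\x55\xaa",
        "sha256": hashlib.sha256(current).hexdigest(),
        "changed": changed,
    }

def verdict(report):
    if not report["signature_ok"]:
        return "no valid boot signature"
    if "bootstrap_code" in report["changed"]:
        return "bootstrap code differs from baseline"
    if report["changed"]:
        return "data-only change (e.g. repartitioning)"
    return "matches baseline"

# Constructed sample sectors (not taken from any real disk or malware).
BASELINE = (bytes((i * 7 + 3) % 256 for i in range(440))
            + b"\x12\x34\x56\x78\x00\x00" + bytes(64) + b"\x55\xaa")
PARTIAL = bytes(b ^ 0xFF if 0x20 <= i < 0x60 else b for i, b in enumerate(BASELINE))
REPARTITIONED = BASELINE[:446] + b"\x80" + BASELINE[447:]

if __name__ == "__main__":
    for name, sector in [("partial", PARTIAL), ("repartitioned", REPARTITIONED)]:
        report = compare_mbr(BASELINE, sector)
        print(name, verdict(report), report["changed"])
```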