Back to the 90s
I remember back when boot-sector viruses were the norm. Over the last 2 decades, this changed to infected EXEs, then email worms, then drive-by malware and then hidden services and rootkits. Over that time traditional antivirus vendors seem to have forgotten about boot sectors and MBRs and focus purely on file-level detection. Whoops. Round we go again. Considering how easy it is to compare the boot-region with a known good example, or indeed a previous backup of the current boot-region, it's damn negligent for the current generation of antivirus applications not to check for this!
I've personally had to clean TDL4 from a few clients' machines in the last few weeks - I have to say it's extremely impressive in its sophistication. Additionally, most of the TDL4-specific removal tools and my favourite ComboFix, which 'clean' the MBR, only replace the first chunk of the MBR and not the whole code, causing Vista, in particular, to go into a 0x0000008E endless loop on boot up. The fix for this seems to be to use 'Testdisk' to write a new MBR, which kills the boot process completely, and then to use the Vista CD repair startup option to create a fresh boot-region.
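The boot-region comparison the comment above refers to, as an added example that is not part of the original comment: it checks a captured MBR sector against a known-good copy region by region, so a cleanup that rewrote only the first part of the code area still shows up. All names, the sample sectors and the 128-byte partial rewrite are constructed; it assumes the classic 512-byte MBR layout and sector images read from outside the running OS (for example from boot media).

```python
import hashlib

SECTOR_SIZE = 512
# Classic (non-GPT) MBR layout: region name -> (start, end) byte offsets.
REGIONS = {
    "bootstrap_code": (0, 440),
    "disk_signature": (440, 446),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}

def compare_mbr(current: bytes, baseline: bytes) -> dict:
    """Compare a captured MBR sector with a known-good copy, region by region."""
    for label, image in (("current", current), ("baseline", baseline)):
        if len(image) != SECTOR_SIZE:
            raise ValueError(f"{label} image must be exactly {SECTOR_SIZE} bytes")
    if baseline[510:512] != b"\x55\xaa":
        raise ValueError("baseline lacks the 0x55AA boot signature")
    report = {}
    for name, (start, end) in REGIONS.items():
        diffs = [off for off in range(start, end) if current[off] != baseline[off]]
        report[name] = {
            "bytes_changed": len(diffs),
            "first_diff": diffs[0] if diffs else None,
            "last_diff": diffs[-1] if diffs else None,
            "sha256": hashlib.sha256(current[start:end]).hexdigest(),
        }
    return report

def boot_code_matches(report: dict) -> bool:
    """True only if the whole code area and the boot signature are unchanged."""
    return all(report[r]["bytes_changed"] == 0
               for r in ("bootstrap_code", "boot_signature"))

def _sample_sector(fill: int) -> bytes:
    # Constructed test data, not a real boot sector.
    return bytes([fill]) * 440 + b"\x11\x22\x33\x44\x00\x00" + bytes(64) + b"\x55\xaa"

BASELINE = _sample_sector(0x90)
ALTERED = _sample_sector(0xCC)
# Constructed case: only the first 128 bytes of the code area were rewritten.
PARTIAL_FIX = BASELINE[:128] + ALTERED[128:]

if __name__ == "__main__":
    for label, image in (("altered", ALTERED), ("partial fix", PARTIAL_FIX)):
        rep = compare_mbr(image, BASELINE)
        print(label, boot_code_matches(rep), rep["bootstrap_code"])
```

The partition table and disk signature are reported separately because they legitimately differ between machines; only the code area and boot signature decide the match.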