
New Backdoor Trojan Nukes Windows Boot Process

Source: Tom's Hardware UK | 9 comments

A new backdoor trojan can halt Windows before the OS even completes the boot process.

Microsoft's Chun Feng said Friday that a new piece of malware capable of nuking the Windows boot process has been discovered. Rather than loading up the operating system, users are greeted with a black screen displaying a single-line, ASCI-based banner.

"A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine," Feng said. "The modification to the MBR is like the old "Stoned" virus for DOS. However, in this case, the MBR does nothing but display a banner in the center of the screen and freeze the PC. We detect the new MBR as Trojan:DOS/Yonsole.A."

Yonsole can infect popular, mainstream versions of Windows platforms--XP, Vista, and Windows 7--by dropping a DLL into C:\Windows\System32. The trojan can also dump a DLL into C:\Winnt\System32 on machines running Windows 2000 and NT. Yonsole was actually discovered earlier this month, so most anti-virus programs--including Microsoft Security Essentials--should already provide protection.
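Because the payload described above replaces the MBR, a defender can detect that kind of change by baselining the boot sector. The following is an added example, not code from the article or from Microsoft; it assumes the classic MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), its function names are hypothetical, and the sample sectors are constructed rather than real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bootstrap code area of a classic MBR
PART_ENTRY_LEN = 16           # four entries follow the boot code
SIGNATURE = b"\x55\xaa"       # last two bytes of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into the parts worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how the current MBR differs from the baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sector(boot_code: bytes, entries: list) -> bytes:
    """Constructed test data: assemble a sector from boot code and entries."""
    table = b"".join(entries).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

# Constructed samples: placeholder bytes, not real boot code or a real Yonsole sector.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
GOOD = build_sector(b"\xfa\x33\xc0" + b"\x90" * 64, [ENTRY])
REPLACED = build_sector(b"\xeb\xfe" + b"BANNER", [])  # constructed tampering case
```

To use it on a real machine, pass in the first 512 bytes of the physical disk, captured once as a baseline and again at check time from a trusted environment.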

This thread is closed for comments
  • -2
    nesters , 22 June 2010 04:50
  • 0
    damian86 , 22 June 2010 07:12
    Get a grip
  • -2
    damian86 , 22 June 2010 07:13
    Rab1d-BDGR: In that case, we'd all better delete \System32\ just to be on the safe side. Scorched earth policy - nowhere to hide. ;-)

  • 5
    mi1ez , 22 June 2010 15:45
    Call me morbid, but I want to know what the one line ASCII message is!

    (And Kev, it's ASCII, not ASCI - "American Standard Code for Information Interchange". Sort it out...)
  • 1
    santfu , 22 June 2010 18:29
    Thanks Rab1d, deleting /syste#####
  • 0
    Micropat , 22 June 2010 20:07
    Does dual booting linux with the grub boot loader make me immune?
  • 0
    aron311 , 23 June 2010 06:09
    I want to know what this 'ASCII based banner' says that you mentioned twice but didn't spill the beans on..
  • 0
    aron311 , 23 June 2010 06:11
    micropat: Does dual booting linux with the grub boot loader make me immune?

    I doubt it as after you select Windows in GRUB the Windows boot loader will start..
  • 0
    shanky887614 , 23 June 2010 20:21
    just back up the mbr and similar important files

    mbr is only 1mb

    and using something like Norton's Ghost makes you immune because you can just restore specific files so that you don't lose any data