New Backdoor Trojan Nukes Windows Boot Process
A new backdoor trojan can halt Windows before the OS even completes the boot process.
Microsoft's Chun Feng said Friday that a new piece of malware capable of nuking the Windows boot process has been discovered. Rather than loading the operating system, users are greeted with a black screen displaying a single-line ASCII banner.
"A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine," Feng said. "The modification to the MBR is like the old 'Stoned' virus for DOS. However, in this case, the MBR does nothing but display a banner in the center of the screen and freeze the PC. We detect the new MBR as Trojan:DOS/Yonsole.A."
Yonsole can infect popular, mainstream versions of Windows platforms--XP, Vista, and Windows 7--by dropping a DLL into C:\Windows\System32. The trojan can also dump a DLL into C:\Winnt\System32 on machines running Windows 2000 and NT. Yonsole was actually discovered earlier this month, so most anti-virus programs--including Microsoft Security Essentials--should already provide protection.
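As an added defensive illustration (not code from the article or from Microsoft), the check a practitioner would want against this kind of MBR tampering: record a hash of the disk's 446-byte bootstrap region while the system is known-good, then compare the live sector against it and confirm the partition table and 0x55AA signature are still sane. The sample MBR bytes are constructed, and `build_sample_mbr` and the baseline hash are assumptions for the demo.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the bootstrap code the Yonsole MBR replaces
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap-code hash, partition table and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i : PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": mbr[510:512] == BOOT_SIG}

def check_mbr(mbr: bytes, baseline_boot_hash: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("bootstrap code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample (not a real disk image): one bootable NTFS-type partition at LBA 2048."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry0 = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1000000)
    return boot_code + entry0 + b"\x00" * 48 + BOOT_SIG

# Baseline taken while the machine is known-good (hypothetical bootstrap bytes).
BASELINE_MBR = build_sample_mbr(b"\xeb\x3c\x90BASELINE")
BASELINE_HASH = parse_mbr(BASELINE_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    print(check_mbr(BASELINE_MBR, BASELINE_HASH))   # []
    # Same partition table, but the bootstrap code has been swapped out (constructed stub).
    tampered = build_sample_mbr(b"\xeb\x3c\x90CONSTRUCTED-BANNER-STUB")
    print(check_mbr(tampered, BASELINE_HASH))
```

On a live Windows host the 512 bytes would come from reading the start of the physical disk (for example `\\.\PhysicalDrive0`, which requires administrator rights); keeping that baseline copy is also what lets the sector be restored after an infection.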
Cool
Get a grip
In that case, we'd all better delete \System32\ just to be on the safe side. Scorched earth policy - nowhere to hide. ;-)
Call me morbid, but I want to know what the one line ASCII message is!
(And Kev, it's ASCII, not ASCI - "American Standard Code for Information Interchange". Sort it out...)
Thanks Rab1d, deleting /syste#####
Does dual booting linux with the grub boot loader make me immune?
I want to know what this 'ASCII based banner' says that you mentioned twice but didn't spill the beans on..
Does dual booting linux with the grub boot loader make me immune?
I doubt it as after you select Windows in GRUB the Windows boot loader will start..
just back up the mbr and similar important files
MBR is only 1MB
and using something like Norton's Ghost makes you immune because you can just restore specific files so that you don't lose any data