Feedback Please?

spirittoo's Avatar
Member with 349 posts.
 
Join Date: Sep 2002
13-Jan-2008, 03:15 PM #1
Question Feedback Please?
Hi, I just got through reading this article and I would like some feedback on it ... should the fix be downloaded and installed, or do we in the USA have nothing to worry about ...

Thanks in advance ...


Warning on stealthy Windows virus
Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.
__________________
P4 2.66Ghz Intel D84GRG mobo WinXP Pro/7U
PC 2100 DDR 1280Mb Hercules P/S 400W
NVIDIA GeForce FX 5200
rainforest123's Avatar
Distinguished Member with 6,632 posts.
 
Join Date: Dec 2004
Experience: Advanced
13-Jan-2008, 05:44 PM #2
Most users in most countries share the same risks. I don't know why living in the US of A would protect us.

RF123
TOGG's Avatar
Distinguished Member with 5,362 posts.
 
Join Date: Apr 2002
Location: Birmingham, England
13-Jan-2008, 05:45 PM #3
I'm no expert on this stuff but I have seen other items about malware that attacks the MBR, something that seemed much more common when floppy disks were in general use. The BBC's standard of reporting on these issues is usually quite good but, as with any news organisation, they are only passing on other people's opinions/theories.

The key point, as with so many other potential exploits or threats, is the use of Internet Explorer: "Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code." The Department of Homeland Security (and many others) issued advice some time ago that people should use alternative browsers, and I have never seen anything to suggest that that advice has been changed.

I have most of the Internet Zone options in IE disabled and use Opera for everyday browsing and Firefox (with the IETab extension) to collect Windows Updates. I am not claiming that either of these browsers is in any way immune from attack, they just don't have the same level of weakness.

The fact that this exploit, like so many others, appears to be Russian, does not mean that the Atlantic or Pacific oceans provide any sort of immunity! I have never heard of GMER and so have no opinion as to the usefulness of their removal tool.
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
rainforest123's Avatar
Distinguished Member with 6,632 posts.
 
Join Date: Dec 2004
Experience: Advanced
13-Jan-2008, 05:52 PM #4
http://www.gmer.net/index.php

It is frequently used at the malware detection & removal forum of Tech Guy.

RF123
spirittoo's Avatar
Member with 349 posts.
 
Join Date: Sep 2002
13-Jan-2008, 06:38 PM #5
Thanks for the link ... I found this.

Would any of you use this or any of their fixes for this?

Should it be used is really the question ...
TOGG's Avatar
Distinguished Member with 5,362 posts.
 
Join Date: Apr 2002
Location: Birmingham, England
13-Jan-2008, 07:24 PM #6
I find the whole rootkits thing very confusing. I understand that legitimate apps, such as antivirus and firewalls, need to 'hook' processes to check them, but that could be considered to be rootkit type behaviour.

Whatever, the GMER, or any similar tool, will only help after you have been infected with a rootkit. If not using IE will improve your chances of avoiding infection in the first place, that would seem to be the logical place to start.

You can't uninstall IE, so it will always be there for those badly constructed sites that will only work with it.
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
Gizzy's Avatar
Library Manager with 3,671 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Comp Security Enthusiast
14-Jan-2008, 04:34 AM #7
GMER is very good at detecting and removing rootkits. The only problem is, for it to be effective you have to know what you're doing. GMER isn't for beginners.
spirittoo's Avatar
Member with 349 posts.
 
Join Date: Sep 2002
14-Jan-2008, 01:14 PM #8
Can you give me an idea of what some of the things are that I need to know? Thanks
Gizzy's Avatar
Library Manager with 3,671 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Comp Security Enthusiast
15-Jan-2008, 03:11 AM #9
Quote:
Originally Posted by spirittoo
Can you give me an idea of what some of the things are that I need to know? Thanks
It scans for hidden objects or objects that place system hooks on your PC:
Quote:
Originally Posted by from gmer's site
It scans for:
# hidden processes
# hidden threads
# hidden modules
# hidden services
# hidden files
# hidden Alternate Data Streams
# hidden registry keys
# drivers hooking SSDT
# drivers hooking IDT
# drivers hooking IRP calls
# inline hooks
So after you scan with GMER, it'll find hidden objects and programs with system hooks, but not everything it finds will be a rootkit, so you have to know what to remove and what to leave,

though you could probably search Google for anything that you don't recognize.

Hope this helps.
__________________
Graduate of Malware Removal University | Member of ASAP and UNITE
Help Add Content At The Official Tech Support Guy Library Of Knowledge!