Microsoft: New "Popureb" Rootkit Requires Windows Re-Install

[SpywareDr]

Rootkit infection requires Windows reinstall, says Microsoft
http://www.computerworld.com/s/artic...?taxonomyId=85

[HAN]

There is a discussion about this over at dslreports. http://www.dslreports.com/forum/r260...says-Microsoft
Several feel the Microsoft approach has contradictions in it and may be an over reaction??

[Train]

Looks like a good case for DBAN and doing a clean install alright.

Hope they figure out something better.

[SpywareDr]

There is a discussion about this over at dslreports. http://www.dslreports.com/forum/r260...says-Microsoft
Several feel the Microsoft approach has contradictions in it and may be an over reaction??

Thanks for the link HAN. Looks interesting.

[SpywareDr]

Looks like a good case for DBAN and doing a clean install alright.

Hope they figure out something better.

Yep, I hope so too.

--

CMRR - Secure Erase

(Better & faster than DBAN, Killdisk etc.?)

http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

Read the enclosed .doc and .txt files

[Ricardo Dávidow]

Where from you can get such a nasty ? Is there a way to prevent getting it ?

[HAN]

Where from you can get such a nasty ? Is there a way to prevent getting it ?

This nasty is a trojan. To quote McAfee:

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

[Ricardo Dávidow]

Thanks, HAN.

[Train]

CMRR - Secure Erase

(Better & faster than DBAN, Killdisk etc.?)

http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

Read the enclosed .doc and .txt files

Thanks, that is a new one to me.

[SpywareDr]

You're welcome.

[Steve R Jones]

Feng provided links to MBR-fixing instructions for XP, Vista and Windows 7

Does that work? Or is a fresh installl the only solution?

[cdroman]

If your back up image includes the MBR; why would you need to do a fresh install? Restoring the image would also restore the clean MBR. Am I not understanding something?

[HAN]

If your back up image includes the MBR; why would you need to do a fresh install? Restoring the image would also restore the clean MBR. Am I not understanding something?

If the imaging program overwrites the MBR with either a clean one, it should work. (Of course, the option to overwrite the infected MBR should be explicit during the restore. Some imaging programs don't make this distinction and if it's not clear that it's being replaced, I don't think the user should make the assumption it has been replaced.)

This is part of the reason I posted the link to the discussion over at dslreports. Several there felt the posting by MS was spreading at least some FUD. And to a degree, I think it is myself...

[Train]

Does that work? Or is a fresh installl the only solution?

Since you are working on the DOS side one would think it would work, but no link(s), and again, how many folks even know what I am talking about?

[cdroman]

If the imaging program overwrites the MBR with either a clean one, it should work. (Of course, the option to overwrite the infected MBR should be explicit during the restore. Some imaging programs don't make this distinction and if it's not clear that it's being replaced, I don't think the user should make the assumption it has been replaced.)

This is part of the reason I posted the link to the discussion over at dslreports. Several there felt the posting by MS was spreading at least some FUD. And to a degree, I think it is myself...

I agree. I like to have the entire drive cloned, which makes things easy if drive failure occurs.