Sinowal/Mebroot Super Trojan

Taffycat

Crunchy Cat
Joined
Jun 1, 2006
Messages
12,577
Reaction score
1,055
This one looks like a tricky critter. Apparently, it can bypass most security applications (although XP is said to be more vulnerable than Vista). More info HERE.
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
After reading that I ran the Blacklight rootkit scanner just to be safe! :eek:

Good find TC :)
 
Joined
May 27, 2007
Messages
2,534
Reaction score
0
TC,

Great find btw.


Ian, is the Blacklight rootkit scanner built into Kaspersky or do you have to download it off the net?

Edit: Found out in the information where to download it.

Thanks,

Wiz
 

Taffycat

Thank you for that link Ian - I've just downloaded that for XP, but do you think it would be a good idea to use it on Vista too please?
:)
 

Ian

Taffycat said:
Thank you for that link Ian - I've just downloaded that for XP, but do you think it would be a good idea to use it on Vista too please?
:)

Vista does have some extra protection against rootkits already, but there's no harm in running it :) It's one of the few rootkit detectors that works in Vista as far as I know :thumb:
 

Taffycat

Ian Cunningham said:
Vista does have some extra protection against rootkits already, but there's no harm in running it :) It's one of the few rootkit detectors that works in Vista as far as I know :thumb:

Thank you for your reply Ian - I thought I should check, just in case "Blacklight" was likely to clash with anything within Vista's gubbins ;)
 

Ian

I was round at a friend's house today as they have been infected by this trojan. The only way they knew was a letter from the bank informing them that online banking had been cut off because they detected Sinowal access to her account. I've run everything I can think of, and nothing has detected it (HJT, Blacklight, Avira, SAS, Housecall, AVG etc...).

This little bugger is hard to find


FWIW, here is the followup article to the one above which explains how you might try to remove it:

http://windowssecrets.com/2008/11/26/03-Antivirus-tools-try-to-remove-Sinowal-Mebroot
 
