Mebroot and vista

[GeraldF]

How susceptible to the root virus Mebroot is Vista?
I cannot believe in this day and age that an antivirus
program would allow writing to the MBR without warning.

It is my understanding that no AV Program (I am using
OneCare) protects.

Suggestions and recommendations appreciated.

Thanks

 

[David H. Lipman]

From: "GeraldF" <[email protected]>

| How susceptible to the root virus Mebroot is Vista?
| I cannot believe in this day and age that an antivirus
| program would allow writing to the MBR without warning.
|
| It is my understanding that no AV Program (I am using
| OneCare) protects.
|
| Suggestions and recommendations appreciated.
|
| Thanks

Mebroot is a Trojan, not a virus and you mean RootKit.

If you have an active anti virus application, that has signatures for the Trojan Mebroot,
performing "On Access" scanning then you will not be rooted with this Trojan RootKit that
overwrite areas of the Master Boot Record.

OneCare may detect Mebroot and it may not. OneCare is NOT good to begin with. You want a
better AV solution such as NOD32 or Kaspersky if you are really worried.

 

[GeraldF]

Mebroot is a Trojan, not a virus and you mean RootKit.

If you have an active anti virus application, that has signatures for the Trojan Mebroot,
performing "On Access" scanning then you will not be rooted with this Trojan RootKit that
overwrite areas of the Master Boot Record.

OneCare may detect Mebroot and it may not. OneCare is NOT good to begin with. You want a
better AV solution such as NOD32 or Kaspersky if you are really worried.

How is it possible that any antivirus program allows
access "On Access" to the MBR?

From your post the implication is that OneCare does not
have this capability (elementary dear Watson!)

thanks

 

[GeraldF]

OneCare may detect Mebroot and it may not. OneCare is NOT good to begin with. You want a
better AV solution such as NOD32 or Kaspersky if you are really worried.

PC Magazine review suggests BitDefender is better than
Kasperky because of registry startup protection. Any
comment?

thanks

 

[David H. Lipman]

From: "GeraldF" <[email protected]>


| How is it possible that any antivirus program allows
| access "On Access" to the MBR?
|
| From your post the implication is that OneCare does not
| have this capability (elementary dear Watson!)
|
| thanks

Many legit. programs can modify the MBR.

Kaspersky is better the BitDefender albeit BitDefender is very good.

I haven't trusted information from PC Mag in years. This comes from somebody who had an
article published in PC Mag in May '88.

 

[GeraldF]

I haven't trusted information from PC Mag in years. This comes from somebody who had an
article published in PC Mag in May '88.

Thanks

It is amazing what you learn when you have insider
information. Back in the late 70's we learned about Mike
Wallace and 60 minutes. A special on "Ghost Surgery" was
so stressful, one of the nurses involved died of a heart
attack after it aired, and he called CBS to complain
that the information was deliberatly falsified . Ratings
mattered more than the truth. I've never watched since.