Sinowal/Mebroot Super Trojan
- Thread starter Taffycat
- Start date
- Joined
- May 27, 2007
- Messages
- 2,534
- Reaction score
- 0
TC,
Great fine btw.
Ian, is the Blacklight rootkit scanner built into Kaspersky or do you have to download it off the net?
Edit, Found out in the infomation where to download it.
Thanks,
Wiz
Great fine btw.
Ian, is the Blacklight rootkit scanner built into Kaspersky or do you have to download it off the net?
Edit, Found out in the infomation where to download it.
Thanks,
Wiz
Last edited:
Ian
Administrator
- Joined
- Feb 23, 2002
- Messages
- 19,878
- Reaction score
- 1,508
Glad you found it Wiz, I'll post it here for others though just in case:
http://www.f-secure.com/security_center/
It's the 2nd from bottom link, called "BlackLight – Rootkit Detection and Elimination Tool"
http://www.f-secure.com/security_center/
It's the 2nd from bottom link, called "BlackLight – Rootkit Detection and Elimination Tool"
Ian
Administrator
- Joined
- Feb 23, 2002
- Messages
- 19,878
- Reaction score
- 1,508
Taffycat said:Thank you for that link Ian - I've just downloaded that for XP, but do you think it would be a good idea to use it on Vista too please?
Vista does have some extra protection against rootkits already, but there's no harm in running it
It's one of the few rootkit detectors that works in Vista as far as I know 
Taffycat
Crunchy Cat
- Joined
- Jun 1, 2006
- Messages
- 12,831
- Reaction score
- 1,067
Ian Cunningham said:Vista does have some extra protection against rootkits already, but there's no harm in running it
Thank you for your reply Ian - I thought I should check, just in case "Blacklight" was likely to clash with anything within Vista's gubbins
Ian
Administrator
- Joined
- Feb 23, 2002
- Messages
- 19,878
- Reaction score
- 1,508
I was round at a friends house today as they have been infected by this trojan. The only way they knew was a letter from the bank informing them that online banking had been cut off because they detected Sinowal access to her account. I've run everything I can think of, and nothing has detected it (HJT, Blacklight, Avira, SAS, Housecall, AVG etc...).
This little bugger is hard to find
FWIW, here is the followup article to the one above which explains how you might try to remove it:
http://windowssecrets.com/2008/11/26/03-Antivirus-tools-try-to-remove-Sinowal-Mebroot
This little bugger is hard to find
FWIW, here is the followup article to the one above which explains how you might try to remove it:
http://windowssecrets.com/2008/11/26/03-Antivirus-tools-try-to-remove-Sinowal-Mebroot