article.voiper.org

IP-Phone-Forum not safe?


2011-01-09
 

Hello,
recently my Norton virus protection has been complaining
whenever I go to this site, and it warns of 35 threats.

http://safeweb.norton.com/report/sho...phone-forum.de

Contents:

HTTP Trojan Mebroot Activity 2
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent damage from happening.

Description
This signature detects attempts to download malicious files related to Trojan.Mebroot which may compromise the target host.

Additional information
Trojan.Mebroot is a Trojan horse that overwrites the master boot record of the hard disk and uses rootkit techniques to hide itself.

It has been reported that this threat may be installed from the following location using browser exploits:
[http://]gfeptwe.com[REMOVED]

When the Trojan is executed, it creates the following mutex so that only one instance of it is running on the compromised computer at any time:
Global\7BC8413E-DEF5-4BF6-9530-9EAD7F45338B

It then reads the master boot record (MBR) and then scans the partition table to find the active boot partition of the computer.

The Trojan infects the MBR, copying the original MBR to sector 62 on the hard disk.

It then installs its own kernel loader to sectors 60 and 61 of the hard disk.

Next, it copies a rootkit driver near the end of the active boot partition. The Trojan overwrites around 1149 sectors (467 KB) when copying the driver.

Next, the Trojan creates a .dll file in the current folder where it is executed and then runs the following command:
regsvr32 /s [TROJAN FILE NAME].dll

Note: It has been reported that the file name could be [RANDOM NUMBER].dll.

It may then restart the compromised computer or display the following message:
Some update require you to restart your computer to complete the updates process. Be sure to save any work prior to the scheduled time.

When the computer restarts, the infected MBR will start the kernel loader located in sectors 60 and 61, which patches the Windows kernel in memory to load the rootkit driver.

The rootkit driver then hooks the following kernel routines:

* IRP_MJ_READ
* IRP_MJ_WRITE

If sector 0 is read from the hard disk, the Trojan will return the original MBR backup stored at sector 62. It will also try to block writing to sector 0, in order to prevent removal.

The Trojan also opens a back door, which attempts to bypass the local firewall and connect to the following location, allowing an attacker to control the compromised computer:
[http://]dkfhchkb.com/ser[REMOVED]

The Trojan may also inject additional code into user mode processes.

Affected

* Windows 2000, Windows Server 2003, Windows Vista, Windows XP

Response
1. Restart the computer using the Windows Recovery Console.
2. Disable System Restore (Windows Me/XP).
3. Update the virus definitions.
4. Run a full system scan.



Is there any truth to it?
Nixwiss
There is already a detailed thread about this, here.
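An offline check for the disk layout given in the quoted Norton description (original MBR copied to sector 62, loader in sectors 60 and 61), as an added example that is not part of the forum posts or of Norton's report. It assumes 512-byte sectors and a raw image taken from outside the running system, because the description says sector 0 reads on an infected machine return the backup; all function names and the sample images are constructed for illustration.

```python
import struct

SECTOR = 512                 # assumption: 512-byte sectors
BOOT_SIG = b"\x55\xaa"       # MBR boot signature at offset 510

def read_sector(image, lba):
    return image[lba * SECTOR:(lba + 1) * SECTOR]

def looks_like_mbr(sector):
    """Boot signature, sane status bytes, and at least one used partition entry."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        return False
    entries = [sector[446 + 16 * i:462 + 16 * i] for i in range(4)]
    return all(e[0] in (0x00, 0x80) for e in entries) and any(e[4] for e in entries)

def check_image(image):
    """Return findings that match the layout in the description. Leads, not verdicts."""
    findings = []
    mbr, backup = read_sector(image, 0), read_sector(image, 62)
    if looks_like_mbr(backup) and backup != mbr:
        findings.append("sector 62 holds a second MBR that differs from sector 0")
    for lba in (60, 61):
        if any(read_sector(image, lba)):
            findings.append(f"sector {lba} is not empty")
    return findings

# --- constructed sample data (placeholder bytes, not real boot or malware code) ---
def make_mbr(code):
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)   # active partition at LBA 63
    return code.ljust(446, b"\x00") + entry + bytes(48) + BOOT_SIG

def build_image(sectors):
    img = bytearray(64 * SECTOR)
    for lba, data in sectors.items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return bytes(img)

CLEAN = build_image({0: make_mbr(b"\xfa\x33\xc0")})
SUSPECT = build_image({0: make_mbr(b"\xeb\x10"),          # replaced boot code
                       60: b"\x90" * SECTOR, 61: b"\x90" * SECTOR,
                       62: make_mbr(b"\xfa\x33\xc0")})    # copy of the original MBR

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, check_image(img) or "no findings")
```

Boot managers and some disk tools also write into the gap before the first partition, so a hit here is a reason to look closer rather than proof of infection.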