[BC] Facebook virus
Art Reed
areed21774 at aol.com
Fri Feb 26 13:39:19 CST 2010
Not necessarily a "social virus", but I have been asked to fix an XP
machine that is (probably) infected with the Alureon rootkit.
Apparently, lots of people have "rooted out" this problem because an MS
monthly update in February changed memory mapping, which conflicts with
the static mapping of
memory that the rootkit uses. Alureon replaces atapi.sys with an
infected file. Atapi.sys is loaded early in the bootup process, as it
controls HDD and external storage.
Anyway, the MS hotfix causes the affected XP machine to go into an
endless loop of boot, lockup, BSOD, safe mode, lockup, BSOD, etc.
The "fix" is to boot the machine with an XP boot disk, remove the
hotfix, reboot the machine, and replace the defective atapi.sys file. I am
summarizing here... the actual process is more involved. Google "Alureon"
and read all about it.
All of the reading I've done about this hasn't given me much insight as
to how this rootkit gets on a machine in the first place...unsafe
surfing, probably.
Art Reed
Jason R. at KGVL - KIKT wrote:
> Thanks, Rich and all...
>
> I suppose 'Social Networking' brings on "Social Diseases" in more than one
> way lol...