Remove DistTrack.A aka Shamoon Malware Infects, Steals, Wipes MBR by Britec

Trojan:Win32/WipMBR.A

DistTrack is an overwriting malware rumored to be behind destructive actions in the Middle East. Some report it to be used in targeted attacks against companies in the energy sector.

It registers itself as a system service under the following name: TrkSvr

If the system date and time meet certain conditions, it creates the following files:

  • %Windir%\system32\%variable% (194048 B, Win32/DistTrack.A) (x86)
  • %Windir%\System32\Drivers\drdisk.sys (27280 B) (x86)
  • %Windir%\system32\%variable% (227840 B, Win64/DistTrack.A) (x64)
  • %Windir%\System32\Drivers\drdisk.sys (31632 B) (x64)

The driver is placed in the %DRIVERS% folder under the name drdisk.sys. It is apparently taken from an innocent application and just used opportunistically to enable raw disk access. DistTrack uses raw disk access to destroy the Master Boot Record (MBR) on the hard drive, resulting in this chilling message on bootup: Operating system not found.

If successful, the copy of the Trojan attack is taken from the machine. The file name will be one of the following:

caclsrv.exe, certutl.exe, clean.exe, ctrl.exe, dfrag.exe, dnslookup.exe, dvdquery.exe, event.exe, findfile.exe, gpget.exe, ipsecure.exe, iissrv.exe, msinit.exe, ntfrsutil.exe, ntdsutl.exe, power.exe, rdsadmin.exe, regsys.exe, sigver.exe, routeman.exe, rrasrv.exe, sacses.exe, sfmsc.exe, smbinit.exe, wcscript.exe, ntnw.exe, netx.exe, fsutl.exe, extract.exe

Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Vista, Windows XP

  • http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
  • http://www.surfright.nl/en
  • http://public.avast.com/~gmerek/aswMBR.htm
  • http://www.malwarebytes.org/

Need help with malware? http://www.briteccomputers.co.uk/forum
Length: 12:03
