Jinshan Poison PA: New ghost virus learns from CIH, overwrites motherboard BIOS

Source: Internet
Author: User

On September 2, Jinshan Security Center captured the latest variant of the Phantom Virus, which overwrites the BIOS chip of a specific motherboard model. If the rewrite succeeds, the virus-damaged MBR (the hard drive's master boot record) is protected, and antivirus attempts to repair the damaged MBR will fail. Even formatting the hard drive of an infected computer does not clear the virus; Jinshan Poison PA can clear it completely.

The new ghost virus spreads mainly through fake game plug-ins and movie players; its main targets are gamers and netizens who watch video online. The main symptoms of infection are that the browser home page is locked to www.my2345.cc and that antivirus software repeatedly reports infections (because the main virus body keeps downloading Trojan horses). Even formatting and reinstalling does not resolve these symptoms.

The new ghost virus can overwrite the BIOS of specific motherboard models, which is easily reminiscent of the CIH virus that was popular in the Windows 95 era, when some antivirus vendors said the CIH virus could destroy hardware. After a CIH infection, the computer showed a completely black screen and could not start.

The purpose of the new ghost virus is completely different from that of CIH. CIH mainly set out to destroy the system, while the new ghost virus is mainly about making money: it does not destroy the system, and an infected computer shows no black screen or partition damage. Its main purpose is to bring traffic to a navigation site and then download more Trojans or Trojan downloaders in order to promote other viruses or software.

The new ghost virus first determines whether the current motherboard BIOS is an Award BIOS, then locates the SMI port and writes new BIOS content that protects the hard disk MBR (master boot record) from being overwritten by other programs. As a result, antivirus software and some disk editing tools cannot view or edit the MBR information, which makes the virus difficult to clear.

Figure 1: The new phantom virus's BIOS rewriting code
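Because the article says an MBR repair on an infected machine will fail, a defender can verify whether a repair actually held by hashing the MBR boot code before and after. The following is an added example, not code from the article or from Jinshan: it assumes the standard 512-byte MBR layout, uses constructed sample sectors and hypothetical function names, and its "reverted after reboot" case goes beyond what the article states.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # boot code region of a classic MBR
TABLE_OFF = 446                # four 16-byte partition entries follow

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with the 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:                       # partition type 0 = unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba": lba, "sectors": count})
    return {"code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "parts": parts}

def repair_verdict(known_good: bytes, after_repair: bytes,
                   after_reboot: bytes) -> str:
    """Classify whether an MBR repair held (hypothetical helper)."""
    good = parse_mbr(known_good)["code"]
    if parse_mbr(after_repair)["code"] != good:
        return "repair-write-blocked"      # the repair never reached the disk
    if parse_mbr(after_reboot)["code"] != good:
        return "reverted-after-reboot"     # boot code changed again during boot
    return "repair-held"

def sample_sector(fill: int) -> bytes:
    """Constructed test sector: filler boot code plus one NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 204800)
    body = bytes([fill]) * 440 + b"\x00" * 6 + entry + b"\x00" * 48
    return body + b"\x55\xaa"

if __name__ == "__main__":
    clean, tampered = sample_sector(0x90), sample_sector(0xCC)
    print(repair_verdict(clean, tampered, tampered))
    print(repair_verdict(clean, clean, tampered))
    print(repair_verdict(clean, clean, clean))
```

On a real machine the three sectors would be raw reads of sector 0 taken from trusted boot media, since a read made from inside the infected system may not be reliable.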

"Source analysis of the virus shows that its string encryption technique has many similarities to the previous ghost virus; analysts' initial judgment is that this virus and the old ghost virus come from the same gang." On September 1, the judicial interpretation of the two High Courts strengthened the crackdown on virus groups. Jinshan security experts said, "These evil virus groups will be severely punished by the law."

The K+ behavior defense built into Jinshan Poison PA 2012 can perfectly protect computers on which Jinshan Poison PA is installed: when the new ghost virus releases its program and tries to rewrite the hard disk, the operation is intercepted. Users who have not installed Jinshan Poison PA and have been infected can download the dedicated ghost virus removal tool to solve the problem. Download address: http://www.duba.net/zhuansha/264.shtml

Figure 2: The K+ defense of Jinshan Poison PA 2012 intercepts the new phantom virus
