Jinshan Poison PA: New ghost virus Learn CIH overwrite motherboard bios

September 2, Jinshan Security Center captures the latest variant of the Phantom Virus, which will overwrite a specific model of the motherboard BIOS chip. If the rewrite succeeds, the virus-damaged MBR (The hard drive Master boot record) is protected and the antivirus software repair the damaged MBR will fail. Poisoned computer even formatted hard drive, also can not clear the virus, Jinshan poison PA can completely clear.

The new ghost virus mainly through the fake game plug-in and movie player transmission, its main target is game player and online watch video of netizens. After the main manifestation of poisoning is the home page is locked for www.my2345.cc, anti-virus software repeatedly reported poison (because the virus matrix will download the Trojan horse). Even if you format a reload, these phenomena still cannot be resolved.

The new ghost virus can overwrite specific model board BIOS, which is easily reminiscent of the Windows 95 era popular CIH virus, when there are antivirus manufacturers said CIH virus can destroy hardware. After poisoning the computer will be completely black screen, can not start.

The purpose of the new ghost virus and CIH completely different, CIH is mainly to destroy the system, and the new ghost is mainly to make money, will not destroy the system, poisoned computer will not appear black screen and partition damage. The main purpose is to bring traffic to the navigation station, and then download more Trojans or Trojans to download, to promote other viruses or software.

The new ghost virus first determines whether the current system board BIOS is an award BIOS and then locates the SMI port and writes the new BIOS content to protect the hard disk MBR (Master boot record) from being overwritten by other programs. This causes antivirus software or some disk editing tools to be unable to view or edit the Board MBR information, making it difficult to clear the virus.

Figure 1 new phantom virus rewrite BIOS code

"From the source analysis of the virus, its string encryption technique and the previous ghost virus have a lot of similarities, analysts initially judged that the virus and the old Ghost virus is a gang." September 1, the two High Court judicial interpretation strengthened the attack on the virus group. Jinshan security experts said, "these evil virus group will be severely punished by the law." ”

Jinshan Poison PA 2012 built-in K + behavior defense can be perfect protection installed Jinshan Poison PA computer, when the new Ghost virus release program, rewrite the hard disk operation can be intercepted. Jinshan Poison is not installed users if the Recruit, you can download the Ghost virus dedicated kill to solve. Download Address: http://www.duba.net/zhuansha/264.shtml

Figure 2 Jinshan Poison PA 2012 of the K + defense can intercept new phantom virus