
Nasty Rootkit hooked in BIOS extra RAM addressed to ROM



Greetz,

One day I believed I had a rootkit in my system, so I started to delete system files etc., but every step I made was going to Nirvana.

So I checked my system with Ultimate Boot CD. The first 63 sectors of my HD were locked so I couldn't delete them; they were resistant.

When I started the tool MBRWork without my HD, drives A:, B:, Q: and T: (T: for my CD-ROM drive) were extracted.

In A: there were the folders BIN, ETC, TMP, USR/LEVEL0, /LEVEL1, /LEVEL3

and files like MODBOOT.BAT and AUTOEXEC.BAT.

I checked the file MODBOOT.BAT; the commands in the file were like:

@if "%debug%"=="" echo off
if "%1"==":" if not "%2"=="" goto %2
"%shift%"=="" kbfl
if not "%shift%"=="" if exist %ramdrv%\bin\el!.com el!
if err call 0% : _shift Q:\bin\2PERUSE.CAB -y
if exist Q:\bin\volume.com volume.com Q:RAMDISK
if exist Q:\bin\umbchk.bat call Q:\bin\umbchk.bat
for %%i in (0 1 2 3 4 5 6 7 8 9) do if exist Q:\_autoru%%i.bat call Q:\_autoru%%i.bat del %_delq% Q:\_autoru%%i.bat

I managed to read the conversation between the clients connected from the whole world (RU, USA, ...); they streamed my HD and uploaded a new config.sys and kernel.sys to my system.


4 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
