• Home
• About
• Associates
• My Gear
• Headlines
• Notes
• Contact
• WordPress
• Events

Persistence of bootkit November 2, 2011

Platform: Windows XP, Windows Vista and Windows 7.

Symptoms, but not limited to:

• Search results using browser search box including Chrome and Internet Explorer 9 Omnibox are redirected to other sites.
• Internet Explorer is running in the background on login, using large amount of memory.

After long troubleshooting sessions I figured out that a bootkit was present on this computer.

A bootkit hides itself by modifying the master boot record.

The particular bootkit I was dealing with was not detected by Combofix, Malwarebytes’ Anti-Malware and many others. The only anti-malware program detected the bootkit was Hitman Pro 3.5.

If you are dealing with a persistent malware infection that redirects search results, try using numbers of anti-malware softwares. In addition to that, search for “Google redirect virus” using an uninfected computer. The malware redirects search result system-wide. On the infected system, search results were redirected on Internet Explorer, Safari, Chrome and Firefox. The malware will redirect search results on any browsers installed on the system.

It is almost 5 o’clock in the morning. I have not had a minute of sleep. I’ll clean up this post later.

Posted from Los Angeles, California, United States.

• Recommended Gear:

  
  

  Corsair Force 3 SSD

• What in the world?

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

• Recent Posts

  • Reach for the Top!
  • Memorial Day
  • Lights, Camera, Action! Part 3
  • Well, isn’t that what a flashlight supposed to do?
  • Couchful of Kittens

• 37prime flickr

  

• Blogroll

  • 37prime WordPress
  • 37prime.com
  • Development Blog
  • Documentation
  • Plugins
  • Suggest Ideas
  • Support Forum
  • Technologizer
  • Themes
  • WordPress Planet

• Feeds

• Full
• Comments