Users used to hear that an infection was no big deal: at worst, reinstall the system. Those words are about to become history. On March 15, Jinshan security laboratory captured a computer virus that it has named “ghosting”. The virus lives in the disk's master boot record (MBR), so even formatting the disk and reinstalling the system cannot remove it. When the system reboots, the virus loads again, ahead of the operating system kernel. Once the virus is running, nothing unusual can be found among the processes or the system startup items; like a ghost, the virus “lingers” on the infected computer.

Overturning tradition: reinstalling the system cannot remove it

Jinshan security anti-virus experts said, “Ordinary computer viruses are Windows applications that run after Windows has loaded. The main code of the parasitic ‘ghosting’ virus, however, is in the hard disk's master boot record (MBR), and during startup it is loaded directly into memory and run before the system's core programs. Security software cannot block a virus that is already parasitic on the MBR, because the virus starts even earlier than the security software.”

Li Tiejun said that the “ghosting” virus is the first boot downloader virus. It overturns both the traditional characteristics of infection and users' mindset for dealing with such problems. Not only does it have the “three noes” (no file, no system startup item, no process module), but even if the user reinstalls the system, the virus will still re-enter the user's new system. With new virus technology that breaks through the protection of ordinary antivirus software, the “ghosting” virus can be said to be a “landmark” computer virus.
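An added example, not part of the original article or of any Jinshan tool: because an MBR infection leaves no file, startup item or process to inspect, one defensive check is to compare the MBR's bootstrap code against a known-good baseline. It assumes the common MBR layout (440 bytes of bootstrap code, partition table at offset 446) and a sector image read from trusted boot media; the sample sectors are constructed placeholders.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440     # bytes 0..439: bootstrap code, executed before any OS code
PART_TABLE_OFF = 446    # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "valid_signature": sector[510:512] == BOOT_SIG}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap code differs from the known-good baseline."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])


def build_sector(boot_code: bytes, ptype: int, lba_start: int, count: int) -> bytes:
    """Build a constructed sample MBR (placeholder bytes, not real boot code)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, ptype, b"\0" * 3,
                        lba_start, count)
    return boot_code.ljust(PART_TABLE_OFF, b"\0") + entry + b"\0" * 48 + BOOT_SIG


# Constructed samples: a baseline, the same disk after repartitioning, and a
# sector whose bootstrap code was replaced while the partition table was kept.
BASELINE = build_sector(b"\x90" * 64, 0x0B, 63, 204800)
REPARTITIONED = build_sector(b"\x90" * 64, 0x07, 2048, 409600)
MODIFIED = build_sector(b"\xcc" * 64, 0x0B, 63, 204800)

if __name__ == "__main__":
    for name, img in (("repartitioned", REPARTITIONED), ("modified", MODIFIED)):
        print(name, "boot code changed:", boot_code_changed(BASELINE, img))
```

The repartitioned sample shows why reinstalling does not help: the partition entry changes while the bootstrap code hash stays the same, so only a comparison of the boot code itself reveals a replacement.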

Computer slows down significantly, security software fails

According to Jinshan Safety Laboratory's analysis, the “ghosting” virus gets onto a computer bundled with the installers of some shared software; the present figure is about 2-3 million infected computers.

The “ghosting” virus releases a driver that overwrites the hard disk's MBR (master boot record). During the boot process the driver attacks many antivirus products so that they fail, and then downloads the traditional AV Terminator Trojan downloader. The ultimate goal is still to profit by spreading account-stealing (Daohao) Trojans that steal virtual assets. After infection, the most obvious symptoms are that security software will not run, the computer slows down significantly, and the IE home page is changed.

Rare virus technology from abroad

The “ghosting” virus is a technology-driven virus of a kind that has been relatively rare in recent years, and its author has excellent programming skills. Because of restrictions in WinXP, the ordinary ways of rewriting the MBR are judged illegal by the system, which is an important reason why boot sector viruses are close to extinction. The technique of bypassing this WinXP security restriction and overwriting the MBR directly circulated mainly on foreign technical forums; before the “ghosting” virus, hackers had rarely used it at scale in practice. Kingsoft Security Lab engineers said that the current “ghosting” virus targets only WinXP systems and still cannot damage Vista and Windows 7 systems.

According to Kingsoft security laboratory personnel, among current domestic security and anti-virus vendors, few have been able to analyze the “ghosting” virus completely. Because the virus is parasitic on the hard drive's master boot record (MBR) and the driver it releases can damage most security tools and system support tools, it is difficult to remove the virus with existing tools once a machine is infected. Jinshan security lab is preparing a dedicated removal tool (Zhuanshagongju) for the “ghosting” virus.

Duba has been upgraded and can now detect and remove the parent file that spreads the “ghosting” virus. To keep more users from becoming victims of the “ghosting” virus, users only need to go online and upgrade to gain the corresponding defense capability. Jinshan net shield has added the malicious web pages that spread the virus to its block list, to prevent more users from downloading the mysterious “ghost” virus.

