Bios Virus or Fat Partition?

During the course of the trial, the Defense Expert was talking about Trojans that were so deeply embedded in the machine that after a re-installation of the operating system, with Adaware and Norton Antivirus and then everything updated, it would remain active. In other words, whatever was on the machine would reactivate and conduct business as usual despite the properly re-installed and updated protection.

The Government Expert defeated the presentation by the Defense Expert with one word – Preposterous – and the explanation that things don’t work that way in the real world.

Tiger’s Tail #2 is on a quest to prove her wrong and to get a good idea of how a military-strength computer infection works and what the pieces are called (if they have been named).

Step 1. I did a 7-pass drive wipe with Iolo Technologies Drive Scrubber and then overwrote the complete scrubbing with all zeros. I felt that a well-scrubbed drive was necessary as a first step because of the sissy porn pictures that were on the machine. I had tried to erase everything that had been picked up in the original assault on my machine, but you can never be sure.

Step 2. When the machine was restarted, the Bios was entered and all default conditions were restored.

Step 3. The operating system was restored using the manufacturer’s restore disc while selecting the “format the hard drive” option.

Step 4. Adaware plus second edition was installed and Norton Internet Security and Antivirus were installed and activated. Before the machine was placed on line, a Norton Antivirus scan was run and nothing detected while the Adaware scan picked up Coulomb_Dailer and eliminated it (HAHAHA).

So our expert’s opinion was correct: embedded Trojans could survive a drive wipe, reformatting and a reinstallation of the operating system.

Step 5. We went on-line and updated all systems including the operating system, antivirus and spyware. Now all we have is a web browser and operating system which is really not much of a computer.

At this point the update is done and other than the web pages accessed while updating, I had not surfed the net. Still I wanted to see the ground zero state.

Now this is the zero-day perfect state. Completely updated and protected. I pulled it offline, killed the Norton Antivirus and firewall, and installed Pccillin Antivirus and firewall to check the system. Now remember, this is an out-of-date product on a CD compared to the updated Norton and Adaware, so I shouldn’t pick up anything. I didn’t want to update the Pccillin because if I went online I might pick up something.

What did I find?

7 cookies including three nasty ones.
Dialer Coulomb was back.
MS Vulnerability MS05-004 was there.

This is really cool technology: not only does the dialer reinstall itself under the most adverse conditions, but it prevents complete updating and leaves a vulnerability open for the Trojan’s Master to exploit.

Who said a military-strength Trojan was preposterous? Christ, the first Trojan Horse was a military tool, so why shouldn’t there be others??

One Response to “Bios Virus or Fat Partition?”

  1. Bios Virus or Fat Partition « The Gonzo Fat Savage Lifestyle Says:

    […] Step 1. I did a 7 pass drive wipe with Iolo Technologies Drive Scrubber and then overwrote the complete scrubbing with all zero’s. I felt that a well scrubbed drive was necessary as a first step because (continued) […]
