Happy Thanksgiving and good luck surviving Black Friday!
I’ve been using F-Secure’s BlackLight Rootkit Eliminator ever since it was first released in early 2005. It’s a solid tool and has saved me from having to completely reload a system on at least three occasions, so I don’t know why I didn’t think of it as a weapon against Mebroot. Thanks to a news update from Windows Secrets, I visited F-Secure’s site and discovered the following in a March 31, 2008 blog post:
“A while ago we blogged about the MBR rootkit, which has been getting attention from all security vendors. We’re glad to inform you that the latest version of the F-Secure BlackLight standalone rootkit scanner now detects MBR rootkit infections.
“BlackLight has stood the test of time ever since it was released in the beginning of 2005. A new rootkit technique that has been able to evade detection has been a very rare event. The MBR rootkit is quite different from other rootkits we’ve seen over the years, so we had to add completely new technology into BlackLight to detect it successfully.”
Needless to say, I immediately downloaded the latest version and have it ready to go for any suspected Mebroot infections. Of course, I used it to check all of my own systems and am happy to report that the tool didn’t find anything wrong with my MBR. You can download the standalone BlackLight here.
In my next post, I’ll give you two more tools that you can use to combat this sinister threat: MBR BIOS locking and an MBR backup tool.