Security Corner

Nov 29 2008   12:39AM GMT

F-Secure Claims BlackLight Will Remove Mebroot (Sinowal)

Ken Harthun Ken Harthun Profile: Ken Harthun

Happy Thanksgiving and good luck surviving Black Friday!

I’ve been using F-Secure’s BlackLight Rootkit Eliminator ever since it was first released in early 2005. It’s a solid tool and has saved me from having to completely reload a system on at least three occasions, so I don’t know why I didn’t think of it as a weapon against Mebroot. Thanks to a news update from Windows Secrets, I visited F-Secure’s site and discovered the following in a March 31, 2008 blog post:

“A while ago we blogged about the MBR rootkit, which has been getting attention from all security vendors. We’re glad to inform you that the latest version of the F-Secure BlackLight standalone rootkit scanner now detects MBR rootkit infections.

“BlackLight has stood the test of time ever since it was released in the beginning of 2005. A new rootkit technique that has been able to evade detection has been a very rare event. The MBR rootkit is quite different from other rootkits we’ve seen over the years, so we had to add completely new technology into BlackLight to detect it successfully.”

Needless to say, I immediately downloaded the latest version and have it ready to go for any suspected Mebroot infections. Of course, I used it to check all of my own systems and am happy to report that the tool didn’t find anything wrong with my MBR. You can download the standalone BlackLight here.

In my next post, I’ll give you two more tools that you can use to combat this sinister threat: MBR BIOS locking and an MBR backup tool.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: