[rkhunter]

ha ha ha, trashing completely on pro-kaspersky forum...at least it's new version/modification of Alureon and MS classification confirms it -

Detection initially created:
Released: Aug 28, 2012

Detection last updated:
Released: Oct 08, 2012

http://www.microsoft.com/security/porta ... Alureon.FV

[rkhunter]

ha ha ha, trashing completely on pro-kaspersky forum...at least it's new version/modification of Alureon and MS classification confirms it -

Detection initially created:
Released: Aug 28, 2012

Detection last updated:
Released: Oct 08, 2012

http://www.microsoft.com/security/porta ... Alureon.FV

And as we can see on screen above, it writes 8192 bytes which corresponds to usual size of VBR modification.

[kmd]

if u remember MaxSS with MBR+VBR did the same.
- created new partition, write precompiled VBR
- set mbr partition table entry+flag

[rkhunter]

If I remember correctly Mr. Vaber already spoke that will take samples for their "independent tests" from kernelmode...
...but now he told that kernelmode is a low-trustable forum, wtf?? - "kernelmode trolling like a BOSS"?? I hope he's thinking before speaking this.

[sww]

If I remember correctly Mr. Vaber already spoke that will take samples for their "independent tests" from kernelmode...

Artem, please stop this bullshit, you're not in drweb anymore.

[rkhunter]

@sww Why you talking about Dr.Web?

[sww]

@sww Why you talking about Dr.Web?

'Coz u're talking about Mr.Vaber, anti-malware.ru and Kaspersky Lab. And about all that myths distributed by drweb... Please read all posts again very carefully. Especially this one.

UPD: Question from Vaber to you: Is it possible to infect system's VBR using Alureon.FV?

[kmd]

seems a lot of misunderstonding there.

sst.c as proclaimed by erikloman and inspired by dambabla is mysterious new maxss variant that "infects" already existing vbr not adding new volume like old maxss did. if you take both vbr's - old and attached there - they are different. take ms description - Trojan:DOS/Alureon.E and Trojan:DOS/Alureon.K - different.

all as i got from erikloman blogpost. since no1 didnt spoken anything else. so original important question is that - is this true or just bs? no need discuss tests - who believes in this trash. i wanna know truth not science fiction. Is it exist and does exactly what proclaimed or is just morphed old variant.

[rkhunter]

@sww Why you talking about Dr.Web?

'Coz u're talking about Mr.Vaber, anti-malware.ru and Kaspersky Lab. And about all that myths distributed by drweb... Please read all posts again very carefully. Especially this one.

I said nothing about Kaspersky Lab in this context as u see... and I don't know him personally, as I see he expert of anti-malware and he told:

Do not trust some persons on kernelmode [he mean, at least, Erik Loman(LOL!) and, probably, me]. There are no sst.c which infects VBR...

Don't u think that this is incorrect behaviour??

[rkhunter]

Moreover where he take info about Alureon.FV and that it's not a new modification?