A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15256  by kareldjag/michk
 Sun Aug 19, 2012 2:27 pm
Maybe this one
http://invisiblethingslab.com/resources ... 20BIOS.pdf

Or this more recent one from the same lab
http://www.invisiblethingslab.com/resou ... 20VT-d.pdf

Also attached a BIOS paper from a Chinese university, interesting, with a good and accurate translation...

rgds
 #19887  by kareldjag/michk
 Sun Jun 30, 2013 6:27 pm
Hello,

Just another kit in the Bios...
On this sunny day in Paris, I did not take time to play with it.
http://exfiltrated.com/research.php#BIOS_Based_Rootkits
The PoC http://exfiltrated.com/research.php#BIO ... nd%20Notes

Some tools that can help http://www.bios-mods.com/tools/ (the Phoenix Bios editor is detected as a trojan by some avs https://www.virustotal.com/en/file/10f9 ... 372612208/ )
More trusted on this Chinese site where I have found the Bios Fix tool (click on the red links to download the tools)
http://www.biosrepair.com/pic/pic99.htm
http://www.biosrepair.com/pic/pic94.htm

Rgds
Last edited by kareldjag/michk on Sun Jun 30, 2013 7:01 pm, edited 1 time in total.
 #19895  by EP_X0FF
 Mon Jul 01, 2013 3:29 am
kareldjag/michk wrote: (the Phoenix Bios editor is detected as a trojan by some avs https://www.virustotal.com/en/file/10f9 ... 372612208/ )
This is a detection of the MakeScreen utility embedded inside the main BiosEditor.exe application.
https://www.virustotal.com/en/file/fc89 ... /analysis/

It is not hard to guess: initial Kaspersky FP copy-pasted by VT fake AVs. Very professional as always.
==== (c)Copyright 2005 Phoenix Startup Screen Bitmap utility
Version 0.1 (May 30 2007 14:52:24)File