ESET reports the Windows-borne Zimuse as a retro oddity because it attacks the hard disk master boot record (MBR) of any attached drive it finds, a technique common in viruses from nearly 20 years ago.
As with viruses of old, its spread is aided by its ability to infect the modern equivalent of floppy disks: USB sticks.
Perhaps conceived as a prank targeting a small community of bikers in a central Slovakian region, the worm, in its variants Win32/Zimuse.A and Win32/Zimuse.B, has achieved worldwide notoriety.
It is a type of threat that overwrites the MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user’s computer inaccessible. Moreover, restoring the corrupted data is complicated, requiring specialized software or a provider.
If the current system date and time match certain conditions, the worm overwrites the MBR of available drives with its own data. The worm overwrites the first 50 KB of data.
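The following is an added example, not code from ESET or from the original post: a Python check a responder could run on the first 50 KB read from a disk image, validating the MBR boot signature and partition table and optionally comparing the region with a known-good SHA-256 baseline. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
REGION = 50 * 1024  # the post states that the first 50 KB is overwritten

def parse_mbr(sector0: bytes):
    """Return (problems, partitions) for a 512-byte MBR sector."""
    problems, parts = [], []
    if len(sector0) < SECTOR:
        return ["short read"], parts
    if sector0[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        if entry == bytes(16):
            continue  # unused slot
        status, ptype = entry[0], entry[4]
        lba, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or count == 0:
            problems.append(f"entry {i}: empty type or zero length")
        parts.append((i, ptype, lba, count))
    if not parts:
        problems.append("no partition entries")
    return problems, parts

def check_region(head: bytes, baseline_sha256=None):
    """Check the first 50 KB of an image; the baseline hash is optional."""
    problems, parts = parse_mbr(head[:SECTOR])
    if baseline_sha256 is not None:
        if hashlib.sha256(head[:REGION]).hexdigest() != baseline_sha256:
            problems.append("first 50 KB differs from baseline")
    return problems, parts

def make_sample_mbr():
    """Constructed sample: one active NTFS (0x07) partition at LBA 2048."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00",
                               0x07, b"\xfe\xff\xff", 2048, 204800)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    good = make_sample_mbr() + bytes(REGION - SECTOR)
    baseline = hashlib.sha256(good).hexdigest()
    print(check_region(good, baseline))
    print(check_region(b"\xcc" * REGION, baseline))  # constructed overwritten region
```

A baseline hash only helps if it was recorded while the disk was known to be healthy; without one, the structural checks still flag a sector that no longer looks like an MBR.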
The worm may delete the following files:
C:\BOOT.INI
C:\NTDETECT.COM
C:\NTLDR
C:\HYBERFILE.SYS
C:\BOOTMGR
ESET has also published a Zimuse Removal Tool.