Now Playing

Despicable Me 2


Todays Trailer & Spoiler :

Despicable Me 2

Release: Since JULY 2013

Plot Summary

Get ready for a minion laughs in the funniest blockbuster hit of the year!

Vying for the title of “World’s Greatest Villain”, Gru (voiced by Steve Carell) – along with his hilarious crew of mischievous minions –

plots to pull off the craziest crime of the century: steal the moon!

But when Gru enlists the help of three little girls, they see something in him nobody else has ever seen: the perfect dad.

From executive producer Chris Meledandri (Horton Hears a Who, Ice Age), and featuring the voices of an all-star comedic cast, including Jason Segel, Russell Brand, Miranda Cosgrove and Julie Andrews, Despicable Me is “rousingly funny, heartfelt and imaginative".

Pete Hammond

OS9USER Newsroom Reporter's Profile

George Proulx Lynn Sorel Brian Palmer

Tap or Click To See Our Profile

Saturday, January 12, 2008
Let's Break down the installation of Mebroot :
  • Installer
  • MBR loader
  • Kernel patcher
  • Kernel driver loader
  • Sectors hider/protector
  • The rootkit installs itself on the last sectors of the users disk and then modifies other sectors including sector 0. The code is run before your PC boots up into XP or NT and has full control of the boot process which means it can install and run any application it wants without you, XP or NT knowing about it. The installer of the rootkit writes the content of malicious kernel driver (244 736 bytes) to the last sectors of the disk (offset: 2 142 830 592) and then modifies sectors 0 (MBR), 60, 61 and 62.

    The content of hidden sectors:

  • 0 - MBR rootkit loader
  • 61 - kernel part of loader
  • 62 - copy of original MBR
  • Kernal Patcher : MBR rootkit loader hooks INT 0x13 to control content of sectors loaded by NTLDR. It patches two areas of the kernel: the first contains the call of nt!IoInitSystem function and the second is the last page of the kernel image. At the beginning of start-up rootkit calls original nt!IoInitSystem function and then loads its own driver.

    Kernal Driver loader : The main part of rootkit loader opens "\??\PhysicalDrive0" and reads the content of the malicious kernel driver from the disk. Rootkit uses its own procedure to load image sections to the memory and in the last stage the loader calls driver's entry point. The malicious kernel driver is loaded at the last stage of boot process. The driver as the main part of this rootkit is responsible for the network communication and hiding real content of affected sectors.

    Sectors hider/protector : To hide the real content of MBR and other sectors from AV scanners rootkit hooks "\Driver\Disk" IRP_MJ_READ. Normally, when API reads sector 0 (MBR), rootkit modifies disk IRP_MJ_READ call and returns copy of original MBR stored in sector 62. The second hook (IRP_MJ_WRITE) protects it from being deleted/overwritten.

    The next time the computer is started, the first sector of the drive will be loaded before the operating system. The first sector of the drive contains the modified MBR, whose code will load the other part of the malware. This part, in turn, is responsible for the network communication established between the operating system and the BIOS interruption 13h, hiding the modified MBR and the malicious code.

    When this type of malware is run in a system, it makes a copy of the original MBR in the absolute sector 62 of the hard disk and overwrites the one existing in the sector 0 with malicious instructions. Additionally, it installs itself at the end of the hard disk, being its code of approximately 244 736 bytes in size.

    Once installed the virus, Mebroot usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.Since it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

    Removal :

    For experienced users my top recommendation is GMER though you will need to read the documentation carefully before using this one.

    When GMER detects hidden service click "Delete the service" and answer YES to all questions.


    Sorry for being so Technical, it is very important to understand how this bad boy works, and how to rid yourself of it.


    0 Comments left so far ...

    Post a Comment


    How How 'Star Trek's Sulu' Is Waging War On Russia

    You probably associate "Star Trek" star George Takei with funny Facebook posts and clever, well-informed commentary. Only lately has the former Sulu taken on a more serious role on the world stage ... Read More ...

    Watch for Updates !
    TV: Tonight's Picks

    YouTube Video's

    Box Office Movies

    OS9USER Trending Stories

    iTunes Song

    iTunes Top Free

    Best Android APP Award

    OS9USER Editor's Choice :

    Top Free App : TweetCaster for Twitter

    Anyone who wants to use Twitter on a tablet should take a look at TweetCaster. It has an intuitive interface and a veritable feast of features including support for multiple accounts, a powerful search function, speech to text for tweets, filters, themes, widgets … the list goes on and on. It’s a solid and reliable app that manages to pack in a lot of functionality without overwhelming you. It’s better than the official Twitter app.

    iTunes Top Free Movies

    Play Station Game Review

    OS9USER.Android APPS Review Corner

    We Provide News
    To 33 Country(s)
    Around The World

    Grab Our RSS News Feed
    On Your Device

    HomePage Updated Daily !

    OS9USER News Room

    Click Here &
    Bookmark Us

    Works on Iphone & Ipads !

    Powered by Blogger

    OS9USER News Room Copyright © 2006-2013 All Rights Reserved.