Windows 8 and 8.1 gives malicious code the boot


The following article could use an update on today’s quality antimalware products, which now have the new protections working with Windows 8 and 8.1….

Windows 8.1 gives malicious code the boot(s) (TechRepublic): The Windows operating system has a number of security controls, and most users have some sort of anti-malware security suite installed on their …
http://www.techrepublic.com/article/windows-81-gives-malicious-code-the-boots/

FOLLOW UP:

Threats/infections that launch before the system does:

Rootkit (definition) http://en.wikipedia.org/wiki/Rootkit

Bootkits http://en.wikipedia.org/wiki/Bootkit#bootkit
A kernel-mode rootkit variant called a bootkit can infect startup code like the Master Boot Record (MBR), Volume Boot Record (VBR) or boot sector, and in this way, can be used to attack full disk encryption systems. An example is the “Evil Maid Attack”, in which an attacker installs a bootkit on an unattended computer, replacing the legitimate boot loader with one under his control.  Typically the malware loader persists through the transition to protected mode when the kernel has loaded, and is thus able to subvert the kernel. For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.

Today’s quality Antimalware products:

Early Launch Anti-Malware http://www.techopedia.com/definition/29079/early-launch-anti-malware-elam-windows-8?utm_source=tod_newsletter&utm_medium=email&utm_content=tod_more&utm_campaign=newsletter
What does it mean? Early Launch Anti-Malware (ELAM) is a Windows 8 security technology that evaluates non-Microsoft boot-time device and application drivers for malicious code. It is the first kernel driver to start when Windows 8 boots, before any third-party software or driver. As a component of Secure Boot, also introduced in Windows 8, ELAM is a detection driver used to identify malware, rootkits or other malicious code/drivers initiated at system …

(Note: newer antimalware technology (antivirus plus antispyware) for Windows 8. Some additional links:)

Windows 8 Early Launch Anti-Malware from Third-Party AV Vendors http://news.softpedia.com/news/Windows-8-Early-Launch-Anti-Malware-from-Third-Party-AV-Vendors-226789.shtml

Managing early launch anti-malware (ELAM) detections http://www.symantec.com/business/support/index?page=content&id=HOWTO81107

Windows 8 ELAM: too late, too little! http://www.virusbtn.com/conference/vb2012/abstracts/KulkarniJagdale.xml

How to configure Early Launch Anti-Malware Protection in Windows 8 http://www.bleepingcomputer.com/tutorials/configure-early-launch-antimalware-protection/

How to disable Early Launch Anti-Malware Protection http://www.bleepingcomputer.com/tutorials/disable-early-launch-antimalware-protection/

Understanding Early Launch Anti-Malware (ELAM) technology in Windows 8 http://www.thewindowsclub.com/earlylaunch-antimalware-elam-technology-windows-8

[Hot Fix] B0006 – The Early Launch Anti-Malware of Titanium 2013 does not load properly http://esupport.trendmicro.com/solution/en-US/1095123.aspx

Windows 8: Trusted Boot: Secure Boot – Measured Boot http://blogs.msdn.com/b/olivnie/archive/2013/01/09/windows-8-trusted-boot-secure-boot-measured-boot.aspx
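To make the Measured Boot half of that link concrete, here is an added example (mine, not Microsoft’s code or the article’s) that simulates how a TPM Platform Configuration Register accumulates the hashes of each boot component. Each extend step sets PCR = SHA-256(old PCR || SHA-256(component)), so a boot loader patched by a bootkit yields a different final value even though the machine still boots, and a service holding the known-good value can tell. The component blobs are constructed stand-ins, not real firmware images.

```python
"""Simulate TPM PCR extension to show why a patched boot component is detectable.

Added example; the extend rule is the TPM one, the component images are constructed.
"""
import hashlib

PCR_INITIAL = bytes(32)  # PCRs start as all zeros at power-on


def extend(pcr: bytes, component: bytes) -> bytes:
    """One PCR extend: new = SHA-256(old || SHA-256(component)). Cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components: list) -> str:
    """Fold every component measured in boot order into one PCR value (hex)."""
    pcr = PCR_INITIAL
    for c in components:
        pcr = extend(pcr, c)
    return pcr.hex()


def boot_path_matches(observed_components: list, expected_pcr_hex: str) -> bool:
    """Attestation check: does the measured chain reproduce the known-good PCR?"""
    return measure_boot_chain(observed_components) == expected_pcr_hex


# Constructed stand-ins for what firmware measures before handing off to Windows.
CLEAN_CHAIN = [
    b"constructed: OEM firmware image",
    b"constructed: boot manager (signed)",
    b"constructed: OS loader",
]
# Same chain with the boot manager replaced by a bootkit-patched copy.
TAMPERED_CHAIN = [CLEAN_CHAIN[0], b"constructed: boot manager (patched)", CLEAN_CHAIN[2]]

# Known-good PCR value, recorded from a trusted first boot and stored off-host.
EXPECTED_PCR = measure_boot_chain(CLEAN_CHAIN)


if __name__ == "__main__":
    print("clean   :", boot_path_matches(CLEAN_CHAIN, EXPECTED_PCR))
    print("tampered:", boot_path_matches(TAMPERED_CHAIN, EXPECTED_PCR))
```

Measured Boot only records; it is the comparison against the expected value, done by an attestation service off the possibly compromised host, that raises the alarm. Order matters too: the same components measured in a different sequence give a different PCR.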

-- 
SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Question: Windows 7 Computer won’t start, keeps rebooting, help?


This is an actual help question at Yahoo Answers > Security that I found somewhat rare, and that I fielded in an attempt to help. Perhaps you may see something additional?

USER QUESTION….
Windows 7 Computer won’t start, keeps rebooting, help?
http://answers.yahoo.com/question/index?qid=20120626135518AAuS8tK
The other day I was using my Toshiba Satellite L655, when suddenly it froze on me, as I tried to reboot it, it would just show a black screen. Now, I figured out that it was my Master Booter repair that had been corrupted. I have been trying to use a system repair disk, but when I use it, it comes up with country select, then I click next. After that it comes up with System recovery options, choose operating system, but it is frozen on the screen, when another box appears and is System Recovery options: Searching for Windows installations… and it is stuck from there. I can NOT get into Safe Mode on my computer, it just takes me back to reboot loop that I’m stuck in. Please help! (I don’t know much about computers so please put into simple terms, thanks)

MY ANSWER / antibotnet yahoo handle by bluecollarpc…….

You are talking a highly technical area as the MBR being fumped. (Master Boot Record). Though you say keep it simple, this is a highly technical area needing at least an Advanced User to professional to diagnose and fix. However, apparently you are aware enough to have seen or detected something and perceive the general area of trouble. The BSoD (blue screen of death) is one event. The black screen generally appears when critical and fatal corruption has occurred and other than the normal black screen appearing like when you boot into Safe Mode with Options.

If there has been irreparable damage and corruption to the system and a Black Screen appears – it will generally have a one or two liner explanation that something is totally screwed like especially something ending as SysConfig not found or similar. UNLESS you are seeing a one or two line explanation on a Black Screen and can not use the computer then it is probably not any fatal error requiring the Windows system to be reinstalled via CD Recovery Disk. So that means still a chance at a fix.

I recommend you continue in the efforts you began as reinstalling Windows as you apparently have already initiated and review online information and help about this task. If you are convinced you are performing the reinstallation process properly then this is going to wipe the disk and reinstall Windows to Factory Fresh. I own two Toshibas and they have excellent CD Recovery Disks that work flawlessly. You should NOT be running into problems with these – should be two disks either included at purchase or made from Toshiba utilities in the PC added free to make these.

As the PC has virtually become unusable – I would take the hail mary approach of attempting the drastic – wipe the entire disk and reinstall. Myself, at the point you say you are in, I would not even bother with some fix/repair option. I would go with wipe the disk and reinstall. It may be the only chance you have at getting the computer back the way you describe the situation you are in.

POSSIBLE DIAGNOSIS….
It sounds like perhaps the problem is that your computer has been infected with a rootkit/bootkit. These are about the ONLY malwares that affect the MBR area. Of course with these the ONLY cure is generally to reinstall windows after wiping the disk (completely erasing everything on the computer – windows and personal softwares and files installed). The CD Emergency Repair Disks will do that automatically and malware does not prevent this. The other repair option is an attempt to fix just an area that may have been corrupted or mistaken file deletion without wiping the disk at all – which saves all the softwares and files you have installed or created – personal files as audio and video clips, pictures, documents etc.

POSSIBLE SOLUTION….. This area is the exact new security solutions being released in Windows 8 – the new anti-rootkit anti-bootkit technologies which prevent these malwares from starting up in the boot sector. There are TWO possible solutions as these two antimalware USB CD Drive products. One is the full antimalware product from well known and well awarded Emsisoft Antimalware products and FREE. The other is from Microsoft. These are first placed on a USB Drive (about 15 bucks and NOT a usb media stick – the USB DRIVE – same price) with at least 2Gigs space get 4 if you can. These will BOOT cold cocked against these very malwares (rootkit/bootkit) to quarantine them from starting up in the boot sector before the actual system is booting up. Traditional antimalware does NOT protect in this manner – but after the system start up is occurring. Make the USB Drive and stick it in and cold boot it with fingers crossed that this is indeed the problem experienced. If so, these should remedy this and will return the PC to normal – malware free.

Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/
Your emergency kit for infected PCs! Detects and removes Malware > 5 million known dangers. World class dual-scan-engine. 100% portable – perfect for USB sticks.
HiJackFree and BlitzBlank included.
Emsisoft BlitzBlank
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, registry entries and drivers at boot time before Windows and all other programs are loaded.
Self made Emergency USB stick – Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs.  

==========
Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper

NOW CALLED WINDOWS DEFENDER OFFLINE http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712
SEE
Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit

Ask HTG: Reading Blue Screen of Death Codes
http://www.howtogeek.com/97093/ask-htg-reading-blue-screen-codes-cleaning-your-computer-and-getting-started-with-scripting/?utm_source=newsletter&utm_medium=email&utm_campaign=081111
Generally IRQL errors are hardware or driver related. We’d suggest checking to see if any drivers have been updated recently and either roll them back to the old driver or see if an even newer driver is available (the vendor may have released a driver to fix the crashes). If that doesn’t help you’ll find BlueScreenView, a crash dump analyzer, rather helpful. We have a guide to using BlueScreenView to help get you started……

BlueScreenView v1.40 – View BSOD (blue screen) crash information stored in dump files.
Copyright (c) 2009 – 2011 Nir Sofer
http://www.nirsoft.net/utils/blue_screen_view.html
SOURCES
https://sites.google.com/site/pcsecurityhelper/malware-removal-center
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
https://bluecollarpcwebs.wordpress.com/2011/11/18/unbelievable-windows-8-boot-security-cracked-already-before-released-bootkit-malware/
http://en.wikipedia.org/wiki/Bootkit#bootkit

New Portable – Microsoft releases Windows Defender Offline tool beta (create bootable CD,DVD,USB flash drive)

Microsoft releases Windows Defender Offline tool beta
The H
Users can choose to create a bootable CD, DVD or USB flash drive
Microsoft has published a public beta of an offline version of its Windows Defender spyware removal software, formerly known as Microsoft AntiSpyware. Using the Windows Defender Offline …
http://www.h-online.com/security/news/item/Microsoft-releases-Windows-Defender-Offline-tool-beta-1392853.html

GET IT FREE HERE ……
What is Windows Defender Offline Beta?
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

NOTES…. A big plus here is that the antimalware product apparently runs before a bootkit can, which coincides with the new security technology in Windows 8, which unfortunately has already been cracked….

“Windows 8 Boot Security Cracked”
http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02

THREAT http://en.wikipedia.org/wiki/Bootkit#bootkit

\sarcasm\ …So Micro$oft will be passing out a free Windows Defender Anti-Bootkit USB Drive stick and a Norton CD with each new Windows 8 purchase ? ! LOL ….sounds eerily like a Microsoft apology or the opposite being offering the same type technology for XP users as conceivably a bootkit can not run on Vista because rootkits can not. Since Vista UAC has reportedly been cracked (https://bluecollarpcwebs.wordpress.com/2011/08/26/vista-user-account-control-uac-finally-cracked/) …THEN it would seem this is indeed the next attack vector as creating the bootkit to then circumvent Vista security to attempt running the very first rootkit on Vista which means a payload described as a “blended threat” (http://en.wikipedia.org/wiki/Blended_threat) as massive, is necessary, and will no doubt be tracked back by Cyber Security agencies (FBI et al) and the antimalware industry and possibly private citizen groups that go botnet hunting. BUT the obvious question is how to upload the payload to Vista ? Only those that could care less about security or love to run Vista without UAC (turning it into a XP or 98 or ME) are the ones that can even be infected with the payload to even attempt to deliver the payload and attempt reports back as to how well they did. Massive hit and miss circumstances for this ever to become reality. Since Vista has not climbed too much above 10 to 12 percent of sales seems it would be missed by this pipe dream to date. Still, food for thought – and I am still in the “I love my Vista” crowd for life ! ! ! She will be most secure even over and above Windows 8.

REFERENCE ….
Techworld.com – Vista’s UAC spots rootkits, tests find
http://www.techworld.com/security/news/index.cfm?newsid=101583

I personally called Vista the crown of security software for the decade (2000-2010), as the operating system itself achieving what NO other defense software did…..

QUOTES
AV-Test.org, which set out to find out how well anti-virus programmes fared against known rootkits…. The answer was not particularly well at all, either for Windows XP, or Vista-orientated products. Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialised anti-rootkit tools managed a perfect score.

The best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits, with Norton finding as few as 18. The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER, Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect scores. The scores for removal were patchy, however, with all failing to remove 100 percent of the rootkits they had found.

The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista’s UAC itself spotted everything thrown in front of it.

Only three of the 17 AV tools for Vista managed to both detect and successfully remove them, F-Secure Anti-Virus 2008, Panda Security Antivirus 2008, and Norton Antivirus 2008.

That UAC can tell a user when a rootkit is trying to install itself is not in itself surprising, as Vista is supposedly engineered from the ground up to intercept all applications requests of any significance.

OTHERS:

Emsisoft Emergency Kit 1.0 [FREE]
http://www.emsisoft.com/en/software/eek/
[Software collection]
Version 1.0.0.25 – 6/8/2011
Your emergency kit for infected PCs!
Detects and removes Malware
>4 million known dangers
100% portable – perfect for USB sticks
HiJackFree and BlitzBlank included

ClamWin Portable (Antivirus, more) [FREE]
http://portableapps.com/apps/utilities/clamwin_portable
Antivirus to go…. ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released | PortableApps.com

ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T. Haller on June 17, 2011 – 7:46pm. ClamWin Portable 0.97.1 has been released. …
http://portableapps.com/news/2011-06-17_-_clamwin_portable_0.97.1_released

Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712

SUPERAntiSpyware Portable Scanner (Antispyware) [FREE]
http://www.superantispyware.com/portablescanner.html
Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Comodo Cleaning Essentials
Comodo Cleaning Essentials is a set of portable antivirus tools that will help you to detect and remove malware from an infected PC.
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
(DESKTOP http://www.comodo.com/ )

ESET SysInspector is a powerful, portable security tool that will inspect your system’s files, running processes, Registry keys and more, looking for and highlighting anything that could be a sign of malware.
(Makers of famous Eset NOD32 Antivirus – most awarded in history)
http://www.downloadcrew.com/article/20672-eset_sysinspector_12026_32-bit
(DESKTOP http://www.eset.com/us/ )

Norman Malware Cleaner is an interesting portable antivirus tool which will scan your PC, detecting and removing any malware that it uncovers.
http://www.downloadcrew.com/article/23283-norman_malware_cleaner
(DESKTOP http://www.norman.com/en-us )

The AVG Rescue CD is a portable environment that comes with a range of tools to help you clean up a virus-infected PC, fix hard drive problems, and get an unbootable system working again. This variant of the rescue CD is intended for installation on a USB flash drive. After downloading, you should extract the archive contents directly to the root folder of the USB drive you’d like to use. (If you don’t have a tool that can read RAR files, then try 7-ZIP).
http://www.downloadcrew.com/article/4650-avg_rescue_cd_usb_flash_drive_edition
(DESKTOP http://www.avg.com/us-en/homepage )

CCleaner Portable
CCleaner Portable is a compact version of CCleaner that you can store on a CD, USB flash drive, microSD, or even two floppy disks if you still use those.
http://www.softpedia.com/get/PORTABLE-SOFTWARE/Security/Secure-cleaning/Windows-Portable-Applications-CCleaner-Portable.shtml
(DESKTOP http://www.piriform.com/ccleaner )
 

Unbelievable! – Windows 8 Boot Security Cracked already before released (Bootkit malware)


Windows 8 Boot Security Cracked
CRN
By Antone Gonsalves, CRN
An Austrian security analyst has built the first known bootkit that bypasses Windows 8’s defenses against installing malware while the operating system is booting.
Peter Kleissner, an independent programmer and recognized …
http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02
( HATE TO BE I TOLD YOU SO BUT THE BLUECOLLARPC.US PREDICTED THIS THAT WINDOWS 8 BOOT UP SECURITY FEATURE WILL BE CRACKED AS FAST AS IT HITS THE STREETS….. LOOKS LIKE WE WERE A LITTLE OFF – IT HAS BEEN CRACKED EVEN BEFORE IT HIT THE STREETS ! ! ! …..LOL ) 

We can expect Windows 8 to be launched sometime in mid-late 2012, however, it’s too early to predict the Windows 8 release date, since it is still under development. Nevertheless, the only question that haunts each and every one of us – Will Windows 8 win the battle against Apple which it had lost several years back? SOURCE http://www.thetechlabs.com/tech-news/windows-8-features/

Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit
A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the “Evil Maid Attack”, in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded.[35][36][37][38] For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords.[39] More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.[40]

The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path.[41]
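An added example (mine, not from the page, from Wikipedia, or from any product named above) of the defender’s side of this bootkit paragraph and the matching one in the first post: a bootkit that rewrites the MBR boot code has to leave the partition table intact so the machine still boots, so a check of the partition table alone misses it, while a hash of the 446 boot-code bytes compared against a baseline taken from a known-clean system catches the change. The 512-byte MBR layout used here (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) is the real on-disk format; the sector contents, the baseline and the tampered copy are constructed so the script runs offline.

```python
"""Baseline check of the MBR boot code, the area a bootkit rewrites.

Added example, not code from the page or from any product it names.
The MBR layout is the real on-disk format; all sector contents below
are constructed for the demonstration.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: the executable boot code
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511: 0x55AA signature


def parse_mbr(mbr: bytes) -> dict:
    """Return the SHA-256 of the boot code plus the decoded partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes),
        # LBA of first sector, sector count (both little-endian uint32)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_boot_code(mbr: bytes, baseline_sha256: str) -> bool:
    """True when the boot code still matches the recorded known-good hash."""
    return parse_mbr(mbr)["boot_code_sha256"] == baseline_sha256


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code too long or too many partition entries")
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + table.ljust(4 * PART_ENTRY_LEN, b"\x00") + BOOT_SIGNATURE)


# Constructed "clean" MBR: a few plausible x86 boot-code bytes followed by a
# marker string, and one bootable NTFS (type 0x07) partition starting at LBA 2048.
GOOD_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b" constructed clean boot code",
                     [(0x80, 0x07, 2048, 1_000_000)])

# Hash recorded while the system was known clean (in practice stored off-host).
BASELINE_SHA256 = parse_mbr(GOOD_MBR)["boot_code_sha256"]

# Constructed "tampered" MBR: same partition table, one patched boot-code byte,
# which is all it takes to redirect the boot path while the disk still looks normal.
_t = bytearray(GOOD_MBR)
_t[64] ^= 0xFF
TAMPERED_MBR = bytes(_t)


if __name__ == "__main__":
    for name, mbr in (("clean", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(mbr)
        ok = check_boot_code(mbr, BASELINE_SHA256)
        print(f"{name}: partitions={info['partitions']}")
        print(f"{name}: boot code {'matches' if ok else 'DIFFERS FROM'} baseline")
```

To run this against a real disk on Windows you would read the first 512 bytes of `\\.\PhysicalDrive0` from an elevated prompt (an assumption about how you obtain the sector, not part of the example). The baseline must come from a known-clean install, and the comparison is only trustworthy when made from a boot medium such as the offline scanners listed on this page, since a running system that is already compromised by a bootkit can misreport its own disk.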
HISTORY TO DATE…..
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims
http://tech.groups.yahoo.com/group/LinuxDucks/messages/523
Windows 8 won’t dual-boot Linux?
http://tech.groups.yahoo.com/group/LinuxDucks/message/539
Microsoft, Red Hat Spar Over Secure Boot-loading Tech
http://tech.groups.yahoo.com/group/LinuxDucks/message/541
Windows 8 Dual Boot Possible If ‘Secure Boot’ Disabled
http://tech.groups.yahoo.com/group/LinuxDucks/message/544
How to change the boot order of a dual-boot Linux PC
http://tech.groups.yahoo.com/group/LinuxDucks/message/550
Linux Licensing in Conflict with Secure Boot Support
http://tech.groups.yahoo.com/group/LinuxDucks/message/565
FSF warns of Windows 8 Secure Boot (Sign Petition)
http://tech.groups.yahoo.com/group/LinuxDucks/message/626
Linux Foundation, Canonical and Red Hat Weigh In On Secure Boot
http://tech.groups.yahoo.com/group/LinuxDucks/message/650
The right to dual-boot: Linux groups plead case prior to Windows 8
http://tech.groups.yahoo.com/group/LinuxDucks/message/662
Linux Foundation: Secure Boot Need Not Be a Problem
http://tech.groups.yahoo.com/group/LinuxDucks/message/671
Linux Community Offers Secure Boot Ideas
http://tech.groups.yahoo.com/group/LinuxDucks/message/672
Leading PC makers confirm: no Windows 8 plot to lock out Linux
http://tech.groups.yahoo.com/group/LinuxDucks/message/673
Linux Advocates protest ‘Designed for Windows 8’ secure boot policy
http://tech.groups.yahoo.com/group/LinuxDucks/message/679
Linux Community Counters Microsoft’s Windows 8 Secure Boot Mandate
http://tech.groups.yahoo.com/group/LinuxDucks/message/696
