Backdoor:Win32/Yonsole.A trojan modifies MBR on affected PC

"A recently discovered backdoor sample detected as Backdoor:Win32/Yonsole.A can accept and execute a command from a remote server to modify the Master Boot Record on the affected machine. The modification to MBR is like the old "Stoned" virus for DOS. However, in this case, the MBR (the code is shown in Figure 1) does nothing but display a banner in the center of the screen:

and freeze the PC (figure 2):

We detect the new MBR as Trojan:DOS/Yonsole.A," notifies Microsoft MPC.

[Source]

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he is engaged in providing technology consultancy and the design and development of desktop, web and mobile applications using various tools and software.