Rootkit

system · February 21, 2015, 10:01pm

Hi!
Recently when I start virus scan, Avast allert me for a Rootkit in my PC. The name of Rootkit is “Disco 0 Master Boot Record, MBR-Mebusta-B [Rtk]” but IMHO it isn’t a Rootkit because is a file create by program “BootkitInstaller”. (i try to deactivate it on windows 7 startup and avast didn’t discovered any virus) It’s a program create by Saferbytes for enable PAE on Windows Vista/Windows 7. There are a link for official website of Saferbytes and download the program: http://news.saferbytes.it/analisi/2013/02/saferbytes-x86-memory-bootkit-new-updated-build-is-out/. I’m wait for answer, thanks for the support!

Pondus · February 21, 2015, 11:15pm

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0

avastuser3796 · February 22, 2015, 1:49pm

Hello,

You do know the file you downloaded is a Bootkit right? Bootkit = Rootkit!!! Why would you knowingly install this?!

Pondus · February 22, 2015, 2:01pm

not-a-virus:RiskTool
https://www.virustotal.com/nb/file/ece470b5d622b4a9a62db4d8ca527966197ee087325dee58411b2e0a4b92e5ab/analysis/1424613600/

First submission 2013-02-22 13:09:48 UTC ( 2 years ago )

CopyrightCopyright (C) 2013 Saferbytes Publisher Saferbytes Product X86 Memory Bootkit Original name Bootkit_Installer.exe Internal name BootkitInstaller File version 1, 2, 0, 4 Description X86 Memory bootkit Setup application Comments Saferbytes X86 Memory Bootkit - Based on an idea of Andrea Allievi

Secondmineboy · February 22, 2015, 2:15pm

Heres the softwares log file: http://prntscr.com/68ee7s

system · February 25, 2015, 8:48am

Uhm i see…
I know Bootkit = Rootkit, but i can’t ability PAE on machine after boot of OS, and if it is a real Rootkit i can’t remove it simply press “deactivate Bootkit installer from your machine”… I think that considering the program modify OS information for ability PAE on machine, the antivirus allert the user (and is not “safe” ability PAE on 32bit machine because PAE can generate BlueScreen). The program REAL enable PAE on the machine ad i really can use 4gb/4gb on the machine, but when i remove “Disc 0” or deactivate the program the free RAM is 3.00-2.97GB.

system · February 25, 2015, 3:32pm

Looking on Google, ‘Saferbytes x86 memory bootkit program’ in the OP seems to be a program which enables a 32 bit operating system like Win 7 32 bit to use more than 4 GB of RAM. Currently you’re limited to 4 GB max RAM in 32 bit systems regardless of how much memory you have installed.
For instance, I have a machine running Win XP/32 bit with 4 GB of RAM, but only 2.93 GB show up in My Computer.
So, as I understand it, the program operates like a rootkit, but isn’t actually malware.
http://news.saferbytes.it/analisi/2013/02/saferbytes-x86-memory-bootkit-new-updated-build-is-out/

Pondus · February 25, 2015, 3:36pm

So, as I understand it, the program operates like a rootkit, but isn't actually malware.

as already said above, detected as riskware .... se VT link posted above

Rootkit

Announcements