DLSS, posted September 14, 2007

Medion laptops sold in Germany & Denmark, including 13yo boot sector virus (which btw was not detected by the included anti-virus product)

New Laptop Comes With an Ancient Virus

By now we expect to have to delete trial software, site links and other unwanted crap from newly bought computers. But notebook buyers in Germany recently got a seriously nasty surprise when brand-new Medion laptops bought from Aldi turned out to be infected with the Stoned.Angelina boot virus that was first seen 13 years ago. I think you need to multiply that time span by 50 or so to equate tech years to human years, which makes this one seriously ancient malware relic.

No word yet on how it made its way onto new laptops, but reports say that the virus can only spread by starting a PC with an infected floppy in the drive. The virus doesn't carry any payload, either, meaning it doesn't do anything aside from trying to spread itself. It won't delete files, steal passwords, or turn your PC into a spam-spewing bot. Which makes me strongly suspect some German with a malformed sense of humor is laughing right now at the outcome of his practical joke.

Still, at least one organization has taken advantage of the strange event to test antivirus products. Andreas Marx of AVTest.org (which performs our antivirus review detection and cleanup tests) says he ran ten different AV products against Vista and XP PCs infected with Stoned.Angelina to see if they could cure the infection.

Products from Kaspersky (our #1 pick in our latest antivirus round-up), BitDefender and G Data were all able to detect and remove the virus. BullGuard, McAfee, Trend Micro and Avira were able to detect, but not clean, the infection. Symantec and Panda got rid of the virus on XP, but their steps to clean the virus on Vista effectively broke the OS, and the PC could no longer start up.

And sad little OneCare had no idea anything bad was happening, since it can't detect boot viruses at all, according to Marx.

If you happen to know someone who picked up a Medion laptop from Aldi in Germany, you can point them towards a BullGuard page on how to get rid of the virus. And here's more details from Marx, including product versions and OS specifics, on his testing.

First, we infected a PC with an installed Windows XP SP2 or Windows Vista with "Stoned.Angelina", which is quite easy to perform -- you only need to "forget" an infected floppy disk in the A: drive and try to boot from it. The virus will instantly infect the system area of the hard disk. However, unlike some other boot viruses, Windows is still able to boot up and it won't display any warning messages.

The virus can infect further floppy disks as soon as it's activated (on every reboot) and under DOS. As soon as Windows 2000, XP or Vista (or Linux or any other protected mode OS) is started, the virus code won't be called anymore -- the system is still infected, but the virus itself cannot spread further until the next reboot.

For our testing, we used the German versions of Windows and the currently available "2007" or "2008" consumer versions of some anti-virus software or security suites (in German language, using updates as of yesterday or today, 2007-09-14).

We have tested a total of 10 products (on two OS):

* Avira AntiVir Personal Premium (v7)
* G Data (AVK) Total Care 2008
* BitDefender Internet Security 2008 (v10)
* BullGuard Internet Security 7.0
* Kaspersky Internet Security 7.0
* McAfee Internet Security 2007 (the 2008 version is not yet released)
* Symantec Norton 360
* Microsoft OneCare 1.6
* Panda Internet Security 2008 (v12)
* Trend Micro PC-cillin Internet Security 2007 (the 2008 version is not yet released)

The following scanners were able to detect and successfully remove the "Stoned.Angelina" critter on Windows XP and Vista:

* G Data (AVK) Total Care 2008
* BitDefender Internet Security 2008 (v10)
* Kaspersky Internet Security 7.0

The following tools were able to detect and report the infection, but unable to handle it:

* BullGuard Internet Security 7.0
* McAfee Internet Security 2007
* Trend Micro PC-cillin Internet Security 2007
* Avira AntiVir Personal Premium (v7) -- BUT the scan of the system areas (master boot record) is disabled by default, so it has to be enabled or AntiVir wouldn't report anything, as it's not scanning this sector!

Two of the tools were able to successfully report and clean the virus on Windows XP, but they shred the system area on disinfecting a Windows Vista based system after the infection was found -- this means, Vista wouldn't start anymore after a "successful" cleaning and it has to be repaired (e.g. by booting from the installation DVD and selecting the option to repair the system, see the BullGuard website link above for details):

* Symantec Norton 360
* Panda Internet Security 2008 (v12) -- BUT you need to start the tool with administrator rights or disable User Account Control (UAC) or Panda wouldn't be able to scan for the virus on disk and report the system is clean, even if it's indeed infected

This leaves one tool -- Microsoft OneCare 1.6 -- which is completely unable to scan for boot viruses on disk (tested on Windows XP and Vista), so the user wouldn't get a notification that his system is infected. As nothing is found, nothing can be removed, of course.

PS: can someone remind me why these modern day laptops running Vista still have a floppy drive or floppy drive connected to them?
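The test results above turn on whether a tool actually reads the master boot record and what it reports when it cannot. The following Python sketch is an added example, not part of the post or of any tested product: it compares sector 0 against a known-good baseline and returns NOT_SCANNED rather than a clean result when the read fails. All function names and the sample sector built by `make_mbr` are constructed for illustration; reading a real disk's sector 0 requires administrator rights.

```python
import hashlib
import struct

BOOT_CODE = slice(0, 440)     # bootstrap code area of a classic MBR
PART_TABLE = slice(446, 510)  # four 16-byte partition entries

def make_mbr(code_byte):
    """Constructed sample sector: filler boot code plus one type 0x07 entry."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 409600)
    return bytes([code_byte]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"

def fingerprint(sector):
    """Hash boot code and partition table separately, so a report can say which changed."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in 55 AA")
    return {"code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "table": hashlib.sha256(sector[PART_TABLE]).hexdigest()}

def partitions(sector):
    """Return (type, first_lba, sector_count) for every used partition entry."""
    used = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:
            used.append((entry[4], first_lba, count))
    return used

def check(read_sector, baseline):
    """Compare sector 0 with a known-good baseline; a failed read is never 'clean'."""
    try:
        current = fingerprint(read_sector())
    except (OSError, ValueError) as exc:
        return ("NOT_SCANNED", str(exc))
    changed = [k for k in ("code", "table") if current[k] != baseline[k]]
    return ("MODIFIED", ",".join(changed)) if changed else ("UNCHANGED", "")

def denied():
    """Stands in for a raw-disk read attempted without administrator rights."""
    raise PermissionError("access to sector 0 denied")
```

Hashing the partition table separately from the boot code also lets a repair step confirm the table is unchanged before and after the boot code is rewritten.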