Remove DistTrack.A aka Shamoon Malware Infects, Steals, Wipes MBR by Britec
DistTrack is an overwriting malware rumored to be behind destructive actions in the Middle East. Some report it to be used in targeted attacks against companies in the energy sector.
It registers itself as a system service using the following name.
If the system date and time meet certain conditions, it creates the following files:
%Windir%\system32\%variable% (194048 B, Win32/DistTrack.A) (x86)
%Windir%\System32\Drivers\drdisk.sys (27280 B) (x86)
%Windir%\system32\%variable% (227840 B, Win64/DistTrack.A) (x64)
%Windir%\System32\Drivers\drdisk.sys (31632 B) (x64)
This driver is placed in the %DRIVERS% folder under the name drdisk.sys. It is apparently taken from an innocent application, and just used opportunistically to enable raw disk access. DistTrack uses raw disk access to destroy the Master Boot Record (MBR) on the hard drive, resulting in this chilling message on bootup:
Operating system not found.
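A triage check built from the file names and sizes listed above, as an added example that is not from the original page or from any vendor tool: it scans a Windows directory (for instance on a mounted disk image) for drdisk.sys and for system32 files whose sizes match the listed values. The function names and the dummy file names in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

# Sizes as listed on the page. The page notes drdisk.sys comes from an innocent
# application, so every hit is a lead to hash and analyse, not a verdict.
DRIVER_SIZES = {27280: "x86", 31632: "x64"}  # drdisk.sys
DROPPER_SIZES = {194048: "Win32/DistTrack.A", 227840: "Win64/DistTrack.A"}


def _child(parent, name):
    """Case-insensitive lookup of one path component (image mounted on Linux)."""
    entries = os.listdir(parent) if parent and os.path.isdir(parent) else []
    matches = [e for e in entries if e.lower() == name.lower()]
    return os.path.join(parent, matches[0]) if matches else None


def triage(windir):
    """Return sorted (path, reason) leads under a Windows directory."""
    leads = []
    system32 = _child(windir, "system32")
    if system32 is None or not os.path.isdir(system32):
        return leads
    driver = _child(_child(system32, "drivers"), "drdisk.sys")
    if driver and os.path.isfile(driver):
        arch = DRIVER_SIZES.get(os.path.getsize(driver), "no listed")
        leads.append((driver, f"drdisk.sys present, size matches {arch} build"))
    # The service binary's name varies, so only its size can be matched.
    for entry in os.listdir(system32):
        path = os.path.join(system32, entry)
        if os.path.isfile(path):
            label = DROPPER_SIZES.get(os.path.getsize(path))
            if label:
                leads.append((path, f"size matches {label}"))
    return sorted(leads)


def demo():
    """Triage a constructed tree of dummy files (only drdisk.sys is a real name)."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "System32")
        os.makedirs(os.path.join(sys32, "Drivers"))
        for rel, size in (("Drivers/drdisk.sys", 27280),
                          ("svc_example.exe", 194048), ("benign.exe", 1000)):
            with open(os.path.join(sys32, *rel.split("/")), "wb") as fh:
                fh.write(b"\0" * size)
        return [(os.path.basename(p), r) for p, r in triage(root)]

if __name__ == "__main__":
    print(demo())
```

A size match is only a starting point: confirm any hit by hashing the file and comparing it against a trusted source before acting on it.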
If successful, the copy of the Trojan attack is taken from the machine.
The name will be one of the following.
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Vista, Windows XP