Channel: Sysinternals Forums

Malware : Gpu based paravirtualization rootkit, all os vulne

Author: Julianfan2
Subject: Gpu based paravirtualization rootkit, all os vulne
Posted: 07 May 2014 at 10:16pm

I have been searching since 2008 for the elusive gpu rootkit. I have 2 laptops and 3 desktops running Vista, Windows 7 and 3 flavors of linux. They are not networked and I have a wired router.
I was trying new removal tools on an old Sony desktop without wireless. The router was off.
This pc produces great log files and in one of those "I know something is wrong but I don't know what" moments I found a log detailing a new software installation. It reported my pc to be a Dell Computer PowerEdge 2850. It repartitioned my c: drive into 5 partitions as follows:
   Disk 0, Ata disk
   Unallocated disk region, unrecognized
   Unallocated disk region, unrecognized
   NT partition I, disk 0, partition 2, boot drive
   Unallocated disk region, unrecognized
Volume I lives on disk 0 at offset 0x1000000
It loaded I:\Windows\system 32\config\default hive.
Fixing mounted devices key for Disk 0 Partition offset 0x1000000.
Both the boot manager objects and the MBR were patched.
The log reported that it could not disconnect network shares. This pc now starts with "checking nvram." I believe this is the config file.
I think it is the NSA exploit Dietybounce. I've been vocal about government spying for years. Perhaps this is my reward.
I have a lot more information if anyone is interested. I'm using a library computer and I'm only here on Wednesday.
