[Community-sigs] Alureon / Zegost

Andy Singer andy at orbitech.org
Tue Jun 17 18:44:47 EDT 2014


Here are some updated signatures to detect an infected MBR. I uploaded the
samples I used; the SHA-256 for the archive (Boot.7z) is
3287A03E4FA9EC7F60D05C1349BD5B86658C9B33B309E0F7C182874B991C8327

Boot.Zegost:0:*:EB01906800080768C0071F{-6}B90002BE00{-16}FCF3A4CB00000000000000000000000000000000{-4}8CC88ED88EC0
Boot.Zegost-1:0:*:FA3?DB8ED3368926FE7BBCFE7B1E6660????????1304{-8}C1E0068EC0{-4}BE007C3?FFB90001F3A5
Boot.Alureon:0:*:33C08ED0{7}BE007CBF0006B90002FCF3A450681C06CBFB60B9??01BD
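
How the three lines above match a boot sector, as an added example that is not part of the original post: a Python sketch that translates the wildcard subset these signatures use (`??`, single-nibble `?`, `{n}`, `{-n}`) into a byte regex and runs it over constructed 512-byte sectors. The helper names and the sample sectors are assumptions made for illustration; only target type 0 with offset `*` is handled.

```python
import re

# Signatures copied from the post (ClamAV .ndb layout: Name:TargetType:Offset:HexSig).
SIGS = """\
Boot.Zegost:0:*:EB01906800080768C0071F{-6}B90002BE00{-16}FCF3A4CB00000000000000000000000000000000{-4}8CC88ED88EC0
Boot.Zegost-1:0:*:FA3?DB8ED3368926FE7BBCFE7B1E6660????????1304{-8}C1E0068EC0{-4}BE007C3?FFB90001F3A5
Boot.Alureon:0:*:33C08ED0{7}BE007CBF0006B90002FCF3A450681C06CBFB60B9??01BD
"""

def hexsig_to_regex(hexsig):
    """Translate ??, nibble ?, {n}, {-n}, {n-}, {n-m} and * into a bytes regex."""
    parts, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":                      # any number of bytes
            parts.append(b".*?")
            i += 1
        elif hexsig[i] == "{":                    # bounded gap
            end = hexsig.index("}", i)
            lo, dash, hi = hexsig[i + 1:end].partition("-")
            hi = hi if dash else lo               # {n} means exactly n bytes
            parts.append(b".{%s,%s}" % ((lo or "0").encode(), hi.encode()))
            i = end + 1
        else:                                     # one byte, either nibble may be '?'
            highs = range(16) if hexsig[i] == "?" else [int(hexsig[i], 16)]
            lows = range(16) if hexsig[i + 1] == "?" else [int(hexsig[i + 1], 16)]
            cls = b"".join(b"\\x%02x" % (h << 4 | l) for h in highs for l in lows)
            parts.append(b"[" + cls + b"]")
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)

def load_sigs(text):
    sigs = {}
    for line in text.split():
        name, target, offset, hexsig = line.split(":", 3)
        if target != "0" or offset != "*":
            raise ValueError("only any-file, any-offset signatures are handled")
        sigs[name] = hexsig_to_regex(hexsig)
    return sigs

def scan(data, sigs):
    return [name for name, rx in sigs.items() if rx.search(data)]

def make_sector(body):
    """Constructed 512-byte sector: body, zero padding, 55AA boot signature."""
    return body.ljust(510, b"\x00") + b"\x55\xaa"

# Constructed sample: the fixed bytes of Boot.Alureon with filler in the wildcard positions.
ALUREON_LIKE = make_sector(bytes.fromhex("33C08ED0") + bytes(7) + bytes.fromhex(
    "BE007CBF0006B90002FCF3A450681C06CBFB60B97F01BD"))
if __name__ == "__main__":
    print(scan(ALUREON_LIKE, load_sigs(SIGS)), scan(make_sector(b""), load_sigs(SIGS)))
```

For real scanning, save the three lines to a `.ndb` file and load it into ClamAV with `clamscan -d`.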


