Slashdot Mirror


All-Radio 4.27 Portable Can't Be Removed? Then Your PC Is Severely Infected (bleepingcomputer.com)

CaptainDork shares a report from Bleeping Computer: Starting yesterday, there have been numerous reports of people's Windows computers being infected with something called "All-Radio 4.27 Portable." After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help. Due to this, if you are infected with this malware, I strongly suggest that you create a malware removal help topic in our Virus Removal forum in order to receive one-on-one help in cleaning your computer. Some of the VirusTotal scans associated with this infection have also indicated that an information-stealing Trojan could have been installed by this malware bundle as well. Therefore, it is strongly suggested that you change your passwords using a clean machine if you had logged into any accounts while infected.
6/29/18: The story has been updated to specify that this malware campaign is targeting Windows computers.

7 of 247 comments

  1. Microsoft Windows only by smoothnorman · Score: 4, Insightful

    Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected? Slashdot folks really might have more than one OS in their areas and it would be nice to know which is at risk right at the top.

    1. Re: Microsoft Windows only by Anonymous Coward · Score: 2, Insightful

      If malware does attack your linux computer, rest assured that only all of your personal content in your home directory will be wiped. The actual OS and software that you can download and install again for free is protected.

    2. Re: Microsoft Windows only by Gavagai80 · Score: 3, Insightful

      In reality though, my PCs have never been compromised in 18 years running desktop Linux... and never needed an antivirus. It's true that running as a limited user isn't a huge advantage in itself, just a small one. The main thing that makes Linux safer, I think, is that nearly everything I install is from a trusted repository -- not random websites that may have been compromised themselves. Microsoft tried to copy that with Windows Store, but they allow adware and don't review the source code to prevent outright malware either so it doesn't really help.

      --
      This space intentionally left blank
    3. Re: Microsoft Windows only by AmiMoJo · Score: 2, Insightful

      Actually Linux is more vulnerable than Windows to this kind of attack because most Linux systems do not implement any kind of secure boot procedure.

      These rootkits work by replacing some parts of the OS that are loaded very early in the boot process, things like core SATA drivers needed to read in the rest of the OS or parts of the kernel. That makes them very hard to detect and remove, because any software running on the OS that tries to read those files can be supplied with a clean copy by the rootkit. Even the kernel can't easily figure out if the SATA driver or the filesystem handler is really giving it the true data or a fake copy.

      Windows mitigates this by implementing Secure Boot. This is something that is part of the UEFI spec and which Linux users got upset about when it looked like some devices might not let you load your own keys. Modern Windows systems supplied by PC/laptop manufacturers have a Microsoft key in the UEFI that is used to verify the OS boot files have not been altered by a rootkit before loading them. Microsoft requires OEMs to implement it for Windows 10.

      Other Windows installs, particularly older ones people do themselves, might not have Secure Boot enabled and so are vulnerable to this kind of attack. Linux systems very very rarely use Secure Boot so are almost always vulnerable too.

      In both cases (Linux and Windows) some kind of root exploit is needed to alter those files in the first place. The difference is that a Windows system with Secure Boot can detect it and recover those files from a hopefully clean backup copy that normally no level of privilege allows to be corrupted. On Linux you would have to somehow notice yourself what has happened and fix it manually with a boot disk.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
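
Added example (not part of the comment above, nor code from Slashdot or Bleeping Computer): a Linux-side check of the firmware Secure Boot state that the comment discusses, reading the standard UEFI `SecureBoot` and `SetupMode` variables from efivarfs. The function names and state labels are chosen here for illustration.

```python
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE GUID


def parse_efivar(raw: bytes):
    """Split an efivarfs file: 4-byte little-endian attribute mask, then data."""
    if len(raw) < 5:
        raise ValueError("truncated efivarfs entry")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(name, root=EFIVARS):
    """Return the first data byte of a global UEFI variable, or None if unreadable."""
    path = Path(root) / f"{name}-{EFI_GLOBAL}"
    try:
        _, data = parse_efivar(path.read_bytes())
    except (FileNotFoundError, PermissionError, ValueError):
        return None
    return data[0]


def secure_boot_state(root=EFIVARS):
    """Classify the platform's Secure Boot state (labels are illustrative)."""
    root = Path(root)
    if not root.is_dir():
        return "no-uefi"        # legacy BIOS boot, or efivarfs not mounted
    secure = read_flag("SecureBoot", root)
    setup = read_flag("SetupMode", root)
    if secure is None:
        return "unsupported"    # firmware does not expose the variable
    if setup == 1:
        return "setup-mode"     # no Platform Key enrolled, nothing is enforced
    return "enforcing" if secure == 1 else "disabled"


if __name__ == "__main__":
    print(secure_boot_state())
```

The value is read through the running kernel, so on a machine that may already carry a boot-level rootkit it is only a hint; confirm the setting in the firmware setup screen or from trusted boot media.
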
  2. Re:Poor Microsoft by l0ungeb0y · Score: 3, Insightful

    You clearly have no clue as to how expensive writing a new Operating System would be. Hell, just look back at when Apple needed to replace Mac OS and had to endure bringing back that smug turtleneck-wearing megalomaniac bastard as CEO just to get an OS that wasn't some Open Source cheeseball

  3. Virus Protection is So Good by phantomfive · Score: 5, Insightful

    Yet another reason to not waste your money on "virus protection." Use the free Windows Defender if you must, and make sure you have good backups.

    --
    "First they came for the slanderers and i said nothing."
  4. In other news... by nuckfuts · Score: 3, Insightful

    Some viruses are hard to remove

    Spending one day looking into something is now called "researching heavily".

    On the serious side, I've often been annoyed by Windows 10 aggressively pushing updates, but there have been some interesting security features added to recent builds. Microsoft has a demo website with some good information, along with some tools for testing your configuration.

    There is also a video online that details the new features.