Threat Encyclopedia

Short description
Win32/StonedBoot.A is a trojan that installs Stoned Bootkit malware.
Installation
When executed, the trojan creates the following folders:
  • %systemdrive%\Stoned
  • %systemdrive%\Stoned\Applications
  • %systemdrive%\Stoned\Drivers
  • %systemdrive%\Stoned\Plugins
The following files are dropped:
  • %systemdrive%\Stoned\Applications\Forensic Lockdown Software.sys (3527 B)
  • %systemdrive%\Stoned\Applications\Hibernation File Attack.sys (3098 B)
  • %systemdrive%\Stoned\Applications\Sinowal Loader.sys (1991 B)
  • %systemdrive%\Stoned\Applications\Windows.sys (2668 B)
  • %systemdrive%\Stoned\Drivers\Black Hat Europe 2007 Vipin Kumar POC.sys (4096 B)
  • %systemdrive%\Stoned\Drivers\Sinowal Extractor.sys (4096 B)
  • %systemdrive%\Stoned\Drivers\Sinowal.sys (229504 B)
The trojan displays the following dialog box:
Other information
The trojan copies the original Master Boot Record (MBR) to the following file:
  • %systemdrive%\Stoned\Master Boot Record.bak (32256 B)
The trojan replaces the Master Boot Record with its own code that will gain control of the compromised computer when it restarts.

Example (1.):
The trojan stores the first sector of the original MBR in sector 61 of the new MBR.

The trojan can be used to gain full access to the compromised computer.
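
The folders, dropped files and MBR backup listed above can be checked on a live system drive or a mounted disk image. The following triage script is an added example, not part of the original entry or any vendor tool; the function names, the "match"/"suspect"/"clean" labels and the default root are assumptions made for illustration.

```python
import os
import sys

# Paths and sizes exactly as listed in this entry, relative to %systemdrive%.
FOLDERS = ["Stoned", r"Stoned\Applications", r"Stoned\Drivers", r"Stoned\Plugins"]
FILES = {
    r"Stoned\Applications\Forensic Lockdown Software.sys": 3527,
    r"Stoned\Applications\Hibernation File Attack.sys": 3098,
    r"Stoned\Applications\Sinowal Loader.sys": 1991,
    r"Stoned\Applications\Windows.sys": 2668,
    r"Stoned\Drivers\Black Hat Europe 2007 Vipin Kumar POC.sys": 4096,
    r"Stoned\Drivers\Sinowal Extractor.sys": 4096,
    r"Stoned\Drivers\Sinowal.sys": 229504,
    r"Stoned\Master Boot Record.bak": 32256,  # 63 sectors of 512 bytes
}

def _resolve(root, rel):
    """Case-insensitive path lookup, so an image mounted on Linux also works."""
    cur = root
    for part in rel.split("\\"):
        names = os.listdir(cur) if os.path.isdir(cur) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    return cur

def scan(root):
    """Return (kind, relative_path, detail) for every listed artifact found."""
    findings = []
    for rel in FOLDERS:
        p = _resolve(root, rel)
        if p and os.path.isdir(p):
            findings.append(("folder", rel, "present"))
    for rel, size in FILES.items():
        p = _resolve(root, rel)
        if p and os.path.isfile(p):
            actual = os.path.getsize(p)
            detail = "size matches" if actual == size else f"size {actual}, entry lists {size}"
            findings.append(("file", rel, detail))
    return findings

def verdict(findings):
    """'match' if a listed file has its listed size; 'suspect' on name-only hits."""
    exact = any(k == "file" and d == "size matches" for k, _, d in findings)
    return "match" if exact else ("suspect" if findings else "clean")

if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else "C:\\")
    print(verdict(hits), *hits, sep="\n")
```

A clean result here does not show that the MBR itself is unmodified, since the folder can be deleted after installation; the boot sector still needs to be inspected separately.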