Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security Portables Worms Hardware

Boot Sector Virus Shipped on German Laptops 79

Posted by Zonk
from the extra-value-for-your-deutschmark dept.
Juha-Matti Laurio writes "A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, have been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994. The affected notebook models (German language) Medion MD 96290 have been pre-installed with Windows Vista Home Premium and Bullguard anti-virus, which reportedly is unable to remove it. A special removal tool was released to clean the laptops. Aldi has shared the same warning as well. Two years ago several thousands of Creative Zen Neeon MP3 players were shipped with a Windows worm Wullik.B."
This discussion has been archived. No new comments can be posted.

Boot Sector Virus Shipped on German Laptops

Comments Filter:
  • Not jut Creative... (Score:2, Informative)

    by wal9001 (1041058)
    Apple did it too, remember? Cue people whining about how the fanbois ignore Apple's flaws so that they can pretend Creative is satan in 3.... 2.... 1....
    • I think this is a common experience, because of quality control issues and manufacturing being outsourced to contractors. Here Apple talking about iPods shipping with a Windows Virus on it... straight from Apple's site. Click here [apple.com]. Apparently, a contractor was to blame.
      • by empaler (130732)

        I think this is a common experience, because of quality control issues and manufacturing being outsourced to contractors. Here Apple talking about iPods shipping with a Windows Virus on it... straight from Apple's site. Click here [apple.com]. Apparently, a contractor was to blame.

        Apparently, Apple was to blame. I don't really care about whether or not it's an inhouse or an outsourced screwup, when I purchase Apple gear, they've branded the item as theirs. The only exemption from this is if some computer store that sells the iPods has the added service to update the official firmware before selling the ipods as an added service to the customers, and the computer they then hook the iPod up to infects the iPod.

  • by gandhi_2 (1108023) on Saturday September 15, 2007 @12:21PM (#20617229) Homepage
    ...cutting out the middleman!
  • by Walzmyn (913748) on Saturday September 15, 2007 @12:22PM (#20617237)
    stoned.angelina is a nasty virus too. If your computer is infected it will download other child viruses with weird names from third world countries.
    • by arivanov (12034)
      Provided that it does not download the aforementioned third world country security service to beat you up and stuff your new digital camera up your arse that can probably be tolerated..
  • hah (Score:2, Funny)

    by Anonymous Coward
    hahah :)
    Cant even clean up with their own AV.. Sucks to be them..
  • Hmm (Score:5, Informative)

    by Poromenos1 (830658) on Saturday September 15, 2007 @12:23PM (#20617263) Homepage
    It doesn't really seem to do anything [symantec.com].
  • Ouch (Score:4, Funny)

    by spikedvodka (188722) on Saturday September 15, 2007 @12:24PM (#20617265)
    Stupid, Stupid, Stupid, Stupid... and in case i didn't mention STUPID...

    What was whoever doing on the base image that caused it to become infected? I build system images, and rule #1: Make sure it works cleanly when you're done.

        Somebody's Head
    ------------------- = Silver platter

    (Silly junk character filter, I can't even ASCII Art a silver platter)
  • by NorQue (1000887) on Saturday September 15, 2007 @12:24PM (#20617275)
    ... a Retro-Virus? ;-)
  • by Simon (S2) (600188) on Saturday September 15, 2007 @12:25PM (#20617279) Homepage
    ...says ALDI:

    Aufgrund vereinzelt anders lautender Pressemitteilungen stellt die MEDION AG klar, dass das ALDI-Notebook nicht mit dem Virus Stoned Angelina ausgeliefert worden ist.

    Quick translation: Since there was some Press-noise, MEDION feels the need to say that the ALDI-Notebook is not infected with the Stoned Angelina virus.
    • by Anonymous Coward
      Better translation:

      Due to isolated press reports to the contrary, MEDION AG clarifies that the ALDI-Notebook has not been being delivered with the virus Stoned Angelina.

    • by empaler (130732)
      Still not a chance in hell I'll buy a computer from Aldi.
  • Systems shipped by Wal-Mart were found to contain numerous copies of a simple text game where the user imagines an animal and the game asks questions in order to deduce the animal in question. Anti-malware programs no only failed to identify the game as a threat, but were themselves overwritten with the game.
    • Someone help me get that joke pls?
      • Pervading Animal [fourmilab.ch], while a harmless text game for Univac systems, was nonetheless one of the first programs known to self-replicate and distribute in the manner of a Trojan Horse. It was so widespread that there were stories of install tapes coming from the Univac vendor already infected.

        The Animal game eventually stopped replicating when there were changes to the Univac filesystem that broke its copy test.

  • You mean this one [sourceforge.net]?

    Thank goodness it wasn't a BIOS trojan.
  • by no_pets (881013) on Saturday September 15, 2007 @12:33PM (#20617337)
    Isn't Adli a grocery store? WTF is it doing selling PCs? If you buy a PC at the grocery store you deserve to get infected. IMHO
    • by Animaether (411575) on Saturday September 15, 2007 @12:39PM (#20617383) Journal
      Aldi isn't really a grocery store - they're more like a large convenience store... i.e. supermarket. And yes, they sell PCs and Notebooks from time to time. And no, they're not crap either. Yes, they tend to be near the lower range, but within that lower range, you can get a great deal on them by going through stores like Aldi. The reason for that is simply numbers.. Aldi buys up thousands for a much lower price than a consumer can get. They then sell these at only slightly above the price they themselves paid... the profit on these machines for them is minimal. The additional turnover they get by luring in customers is what they're interested in mostly.
      • by abb3w (696381)

        Aldi isn't really a grocery store - they're more like a large convenience store... i.e. supermarket.

        Ah -- the German equivalent of a Super Wal-Mart or Target.

    • ... but against super-cheap prices, run by slaves [wikipedia.org](very low wages, very strict time policies on the counters), and selling great deals on a weekly basis (for which great interest exists). Another company that runs pretty much by the same formula is Lidl [wikipedia.org].
    • by RogerWilco (99615)
      I am writing this on one of those Aldi Medion laptops (now a year old). They do sell electronic hardware too, but something different every week. about 3x year they have a Medion laptop for sale, in between they have a desktop.

      These are usually very good value for money. The drawback is that you have no choice, as they only sell one model.
      They can be so cheap because of their buying power, there are about 8.000 Aldi stores in Europe, and each gets 15 computers to sell as a minimum, AFAIK. The next week it w
  • by Giro d'Italia (124843) on Saturday September 15, 2007 @12:40PM (#20617387)
    I always run DBAN on a new system or hard drive, OEM assembled or not. Insist on proper OS installation media and unless it too is defective, you'll be fine. But never, ever, trust a machine setup by anyone else. That's not practical for everyone, but we're all geeks here, installing your OS of choice should be a rite of passage. :)
    • Re: (Score:1, Informative)

      by Anonymous Coward
      and what if your driver CD(s) have a virus? After all, one can "set things up themself" and still get backdoored by a printer driver [slashdot.org].
    • That's a bit extreme, isn't it?

      DBAN and similar tools are great for erasing data on a hard drive you're loosing physical possession of (for whatever reason), but there's no need to spend hours or days cleaning a disk you've just acquired. If you erase the boot sector and partition information then you have destroyed everything you need to destroy in order to ensure it's "clean" - i.e. as far as the BIOS or OS is concerned there is nothing stored on the disk to load and execute. This can be achieved in just
  • My question is: What good is this "Bullguard anti-virus" if it can't even remove a simple virus that is over 10 years old?
  • Now that is efficient! Why email trojans [slashdot.org] to the criminals when you can have them preinstalled by the factory!

    I smell a conspiracy.
  • I mean, without voluntarily looking for it? And how do you get it accidentally on a new PC? Have they stored the bios on infected floppies, or what? Installed DOS first, because the Windows Vista upgrade is cheaper than an OEM version? Tsk, tsk.
    • by sumdumass (711423)
      During the boot cycle, the bios needs operating parameters outside what is stored in the bios. It could preload them itself but then all operating systems would have to start loading from it and then unload it somewhere along the line. Instead, then allow a small amount boot code to be placed in the boot sector of a drive's media that the OS can control and unload at it's convenience. It also controls disk access outside the limitations of the bios which would allow for larger drives and different file syst
      • The way a PC boots is that the bios loads a peice of code from the MBR and runs it, it provides this code with services to access hard and floppy drives (no filesystem support just the ability to read and write sectors). What happens from there is up to the OS that put the code in the MBR. In the windows world the MBR code hands off to code in the boot sector of the active partition. That code in turn typically has some form of minimal filesystem support allowing it to read and load the rest of the OS.
    • Re: (Score:2, Informative)

      by lordtoran (1063300)
      Yes, I indeed think the guy who created the image installed DOS and various diagnostic/burn-in-testing tools first from some old infected floppies he had lying around at home. Quite dilettanish, because there are special Linux live CDs that do a better task at such preparations.
    • I got a hundred of them. Of course a lot them are still on 5 1/4" diskettes. Most of the stoned viruses were comparatively harmless, Disk Killer was a real bastard, kiss bye bye to everything.

      Remember the KAK worm. Shut down computers at 5:00 PM on Friday. Something like that. It was spread in an invisible executable signature in Outlook Express. I had a good deal of admiration for that one, and we made a lot of money cleaning it up. Now who would have thought about a script as a signature that copied its

      • I remember the good old times of DOS bootsector viruses. I had a virus named Tremor that reprogrammed the VGA registers, so from time to time the screen contents would shiver like having a cold, and on some occasions a little Pacman appeared and ate the menu bar of Norton Commander. It was fun until I switched on the PC one day and was greeted with the message "ROM BIOS NOT FOUND" in 40x25 black & white mode.
      • by funkatron (912521)
        Can I borrow a copy of KAK for the office?
  • How adorably quaint.
  • If there's a tool to clean it up, then use it. Or just format everything including MBR and get GRUB inside, and boot your fav. distro. (just a thought) And if that virus causes the user (owner of the machine) to lose data (for e.g), there are lawsuits. Next time I buy new stuff, I'll ask - "can you please provide me with a hard drive with a formatted MBR (done in front of me)?" Oh well, if I ask that for an HDD, I may end up with modems without internal firmwares and the tech guy will respond: "okay, you t
    • by ettlz (639203)

      If there's a tool to clean it up, then use it.
      Time to use dd in anger, methinks.
  • by Pykasye (814219)
    It's not a bug, it's a feature.
  • Just imagine if Worst Buy sold these. The Gector Squad would offer a special "new PC tuneup" for an extra hundred clams or so, but then you'd probably get infected by some of the warez they allegedly use to "support" customers. Wait...why am I asking this question? They already do this!
  • Now I don't have to wait for my daughter to download a virus, it comes preinstalled!
  • by Anonymous Coward on Saturday September 15, 2007 @01:52PM (#20617863)
    As opposed to the above comment, Medion Nordic HAS acknowledged that our laptops have been infected with Stoned.Angelina.

    We also have a nice little fix for it, even though it oughtn't have been nescesary to make one in the first place.

    But it's always fun to get 3x the amount of calls as normal due to a cock-up like this.

    And to be honest - it's an MBR virus. Has no payload, spreads primarily through floppy disks. It's about as dangerous to computers today as diarrhoea [wikipedia.org] is in a western country. Sounds bad, but nothing to worry about.
  • FDISK (Score:4, Informative)

    by Reason58 (775044) on Saturday September 15, 2007 @02:54PM (#20618289)
    You used to be able to kill any boot sector virus instantly with "fdisk /mbr", but that command was retired when DOS went away.
    • From my own experience, many boot sector viruses were tough enough to survive CTRL-ALT-DEL or even a warm reboot via the reset button, so it is imperative to turn the PC completely off after that procedure.
  • I had to scan and repair about 1000 floppies and write a memo about not taking your work home. The IT manager did not believe that virii existed. Discovered it by looking at the boot sector with debug. The text string:"your PC is stoned", showed up. F-prot saved the day. That particular version of Stoned had a bug which would trash part of the root directory.
  • I remember getting this virus on my 386 in the early 90's. That just goes to show how little things have changed if this virus is still able to infect machines.
  • remind me (Score:3, Insightful)

    by JustNiz (692889) on Saturday September 15, 2007 @07:13PM (#20620405)
    never to buy bullguard if it can't even deal with a 14 year old virus.
  • ... that theses weren't "trusted" computers (or TPM or whatever they call them).

    At least you're still able to re-format and start from scratch.....

To avoid criticism, do nothing, say nothing, be nothing. -- Elbert Hubbard

Working...