To protect from MBR, we designed and distributes "MBR protection program" including "Prevent Real-time HDD destroying" function.
2. Main functions
This malicious file with the destruction capabilities, which is tampering into MBR area function, can cause unable to boot.
Following figure describes the order of infection.
First of all, web hard site is tampered by attacker, then spreading malicious file after being injected malicious code. PCs infected after downloading this malicious file will be becoming zombie PC. These tampered PC can download DDoS related malicious file, containing capability of destroy HDD, and can work on certain condition.
The main function of INCA Internet's "nProtect MBR Guard" is protecting from illegal tampering MBR sector of HDD and it adopted Command-Filter Driver technique to restrict "Overwrite" in that sector with fully understanding of API's in Windows.
These are minimum factors for securing integrity and protecting system. MBR sector must be protected for using computer safely.
"nProtect MBR Guard" will remain driver Layer and protect from all malicious commands. Unlike MBR, general disks such as (C:\, D:\) are mounted and can be protected with File System Filter modules.
That's the reason why "nProtect MBR Guard" adopted "Disk Filter" which is filtering Disk.sys Driver on MBR sector and understood Disk I/O flow.
3. How to use
You can download "nProtect MBR Guard" through following link.
Right clicking tray icon will show following menu.
[MBR 보호][MBR Protection] is set by default and will protect from malicious access.
[자동시작][Auto Start] function is also set by default and will run on booting automatically.
When [MBR 보호][MBR Protection] is activated, our "nProtect MBR Guard" will protect all of attempts accessing MBR sector.