Jump to content

Community Zone
Recent Forum Topics
MSFN Guides
Mobile News

MSFN Recommend
AskVG.com Bink Filehorse FreewareFiles Where unprofessional journalism looks better OSNN The Windows Club WinBeta lunarsoft
MSFN Statistics

Windows News
Microsoft clarifies MBR rootkit removal advice

Microsoft yesterday clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit that buries itself on the hard drive's boot sector. Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC.

Last week, the Microsoft Malware Protection Center (MMPC) highlighted a new Trojan, dubbed "Popureb," and said that the only way to eradicate the malware was to use a recovery disc.

Because a recovery disc returns Windows to its factory settings, Microsoft was essentially telling users that they needed to reinstall Windows to completely clean an infected PC.

That recommendation was similar to what Microsoft had offered more than a year ago, when another Trojan buried rootkit code into the master boot record (MBR) of the PC's hard drive.

On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice.

"If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state," Feng wrote on an updated blog yesterday.

Feng provided links to instructions on how to use the Recovery Console for Windows XP, Vista and Windows 7.

Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware for removal, Feng added.

More @ NetworkWorld