Jump to content

Categories:    Windows      Software      Hardware      Security      Mobile      Internet      Guides
Sponsored Links
Recent Forum Topics
Community Zone
MSFN Guides
Mobile News

MSFN Recommend
AskVG.com Bink Filehorse FreewareFiles Where unprofessional journalism looks better OSNN The Windows Club WinBeta lunarsoft
MSFN Statistics
1.3K
116.7K
129.7K
834.1K
Online
Members
Topics
Replies


Windows News
Microsoft clarifies MBR rootkit removal advice
Posted on Jun 30 2011 11:41 AM by xper in Security

Microsoft yesterday clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit that buries itself on the hard drive's boot sector. Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC.

Last week, the Microsoft Malware Protection Center (MMPC) highlighted a new Trojan, dubbed "Popureb," and said that the only way to eradicate the malware was to use a recovery disc.

Because a recovery disc returns Windows to its factory settings, Microsoft was essentially telling users that they needed to reinstall Windows to completely clean an infected PC.

That recommendation was similar to what Microsoft had offered more than a year ago, when another Trojan buried rootkit code into the master boot record (MBR) of the PC's hard drive.

On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice.

"If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state," Feng wrote on an updated blog yesterday.

Feng provided links to instructions on how to use the Recovery Console for Windows XP, Vista and Windows 7.

Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware for removal, Feng added.

More @ NetworkWorld









Your Comment?

0 Comments