Solution for Popureb rootkit infection
Posted on 28.06.2011
Bootkits are kernel-mode rootkit variants that hide in the computer's master boot record (MBR) and are notoriously difficult to spot and, sometimes, to eradicate.

Microsoft has warned last week about a new variant of the "Popureb" Trojan that manages to prevent users from deleting the malicious MBR by replacing the disk write operation with a read operation.

The user believes the operation was a success, but the malicious code is still there.

"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advised Microsoft's Chun Feng. "To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'".






Spotlight

Researcher tests Tor exit nodes, finds not all operators can be trusted

A security researcher that goes by the name Chloe recently tested around 1,400 Tor exit nodes by setting up a Bitcoin-themed phishing site.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Jun 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //