Microsoft has warned last week about a new variant of the "Popureb" Trojan that manages to prevent users from deleting the malicious MBR by replacing the disk write operation with a read operation.
The user believes the operation was a success, but the malicious code is still there.
"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR)," advised Microsoft's Chun Feng. "To fix the MBR, we advise that you use the System Recovery Console, which supports a command called 'fixmbr'".
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.